[ubuntu/jaunty-security] pidgin_2.5.5-1ubuntu8.5_armel_translations.tar.gz, pidgin_2.5.5-1ubuntu8.5_lpia_translations.tar.gz, pidgin_2.5.5-1ubuntu8.5_hppa_translations.tar.gz, pidgin, pidgin_2.5.5-1ubuntu8.5_amd64_translations.tar.gz, pidgin_2.5.5-1ubuntu8.5_i386_translations.tar.gz, pidgin_2.5.5-1ubuntu8.5_ia64_translations.tar.gz, pidgin_2.5.5-1ubuntu8.5_sparc_translations.tar.gz (delayed), pidgin_2.5.5-1ubuntu8.5_powerpc_translations.tar.gz 1:2.5.5-1ubuntu8.5 (Accepted)

[Ubuntu Installer]

pidgin (1:2.5.5-1ubuntu8.5) jaunty-security; urgency=low

  * SECURITY UPDATE: denial of service via TOPIC message
    - debian/patches/79_security_CVE-2009-2703.patch: validate args in
      libpurple/protocols/irc/msgs.c.
    - CVE-2009-2703
  * SECURITY UPDATE: information disclosure via incorrect jabber TLS
    handling
    - debian/patches/80_security_CVE-2009-3026.patch: bail out if
      encryption is not available in libpurple/protocols/jabber/auth.c.
    - CVE-2009-3026
  * SECURITY UPDATE: denial of service via malformed SLP invite message
    - debian/patches/81_security_CVE-2009-3083.patch: validate branch,
      content_type and content in libpurple/protocols/msn/slp.c.
    - CVE-2009-3083
  * SECURITY UPDATE: denial of service via XHTML-IM content with cid: images
    - debian/patches/82_security_CVE-2009-3085.patch: validate raw_data in
      libpurple/protocols/jabber/data.c.
    - CVE-2009-3085
  * SECURITY UPDATE: denial of service via crafted contact list data
    - debian/patches/83_security_CVE-2009-3615.patch: validate contact
      list structure in libpurple/protocols/oscar/oscar.c.
    - CVE-2009-3615
  * SECURITY UPDATE: directory traversal via custom smiley request
    (LP: #501089)
    - debian/patches/84_security_CVE-2010-0013.patch: ignore request for
      smileys that don't exist in the image store in
      libpurple/protocols/msn/slp.c, backport purple_strequal in
      libpurple/util.{c,h}.
    - CVE-2010-0013

Date: Thu, 14 Jan 2010 13:31:58 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/pidgin/1:2.5.5-1ubuntu8.5
-------------- next part --------------
Format: 1.8
Date: Thu, 14 Jan 2010 13:31:58 -0500
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin
Architecture: source
Version: 1:2.5.5-1ubuntu8.5
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 finch      - text-based multi-protocol instant messaging client
 finch-dev  - text-based multi-protocol instant messaging client - development
 libpurple-bin - multi-protocol instant messaging library - extra utilities
 libpurple-dev - multi-protocol instant messaging library - development files
 libpurple0 - multi-protocol instant messaging library
 pidgin     - graphical multi-protocol instant messaging client for X
 pidgin-data - multi-protocol instant messaging client - data files
 pidgin-dbg - Debugging symbols for Pidgin
 pidgin-dev - multi-protocol instant messaging client - development files
Launchpad-Bugs-Fixed: 501089
Changes: 
 pidgin (1:2.5.5-1ubuntu8.5) jaunty-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via TOPIC message
     - debian/patches/79_security_CVE-2009-2703.patch: validate args in
       libpurple/protocols/irc/msgs.c.
     - CVE-2009-2703
   * SECURITY UPDATE: information disclosure via incorrect jabber TLS
     handling
     - debian/patches/80_security_CVE-2009-3026.patch: bail out if
       encryption is not available in libpurple/protocols/jabber/auth.c.
     - CVE-2009-3026
   * SECURITY UPDATE: denial of service via malformed SLP invite message
     - debian/patches/81_security_CVE-2009-3083.patch: validate branch,
       content_type and content in libpurple/protocols/msn/slp.c.
     - CVE-2009-3083
   * SECURITY UPDATE: denial of service via XHTML-IM content with cid: images
     - debian/patches/82_security_CVE-2009-3085.patch: validate raw_data in
       libpurple/protocols/jabber/data.c.
     - CVE-2009-3085
   * SECURITY UPDATE: denial of service via crafted contact list data
     - debian/patches/83_security_CVE-2009-3615.patch: validate contact
       list structure in libpurple/protocols/oscar/oscar.c.
     - CVE-2009-3615
   * SECURITY UPDATE: directory traversal via custom smiley request
     (LP: #501089)
     - debian/patches/84_security_CVE-2010-0013.patch: ignore request for
       smileys that don't exist in the image store in
       libpurple/protocols/msn/slp.c, backport purple_strequal in
       libpurple/util.{c,h}.
     - CVE-2010-0013
Checksums-Sha1: 
 cbb41dcade0b48f4074613e5cd8a69356bc87740 1935 pidgin_2.5.5-1ubuntu8.5.dsc
 1e7460d29cc4c37629bd33e7c28aafb2d7e9fb58 137419 pidgin_2.5.5-1ubuntu8.5.diff.gz
Checksums-Sha256: 
 3773d4863057293c150147a5404e3aca4a9136a31c662dd56a00caecc7efef16 1935 pidgin_2.5.5-1ubuntu8.5.dsc
 65b8010d289cc1ca95f81572253c0f77ea7c58904108fcff6a35084d80983ac3 137419 pidgin_2.5.5-1ubuntu8.5.diff.gz
Files: 
 45acfca62d8f7e630bb932d194e1d138 1935 net optional pidgin_2.5.5-1ubuntu8.5.dsc
 59241d1cac4ce963f65bd5854e14281f 137419 net optional pidgin_2.5.5-1ubuntu8.5.diff.gz
Original-Maintainer: Ari Pollak <ari at debian.org>