[ubuntu/lucid-security] pidgin_2.6.6-1ubuntu4.4_i386_translations.tar.gz, pidgin_2.6.6-1ubuntu4.4_amd64_translations.tar.gz, pidgin, pidgin_2.6.6-1ubuntu4.4_sparc_translations.tar.gz, pidgin_2.6.6-1ubuntu4.4_powerpc_translations.tar.gz, pidgin_2.6.6-1ubuntu4.4_ia64_translations.tar.gz, pidgin_2.6.6-1ubuntu4.4_armel_translations.tar.gz 1:2.6.6-1ubuntu4.4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Nov 21 20:06:23 UTC 2011


pidgin (1:2.6.6-1ubuntu4.4) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service in Yahoo! protocol via malormed
    YMSG message
    - debian/patches/97_CVE-2011-1091.patch: validate messages in
      libpurple/protocols/yahoo/libymsg.c.
    - CVE-2011-1091
  * SECURITY UPDATE: denial of service in MSN protocol via HTTP 100
    response size
    - debian/patches/97_CVE-2011-3184.patch: properly calculate size in
      libpurple/protocols/msn/httpconn.c.
    - CVE-2011-3184
  * SECURITY UPDATE: denial of service in SILC protocol via invalid UTF-8
    sequence
    - debian/patches/97_CVE-2011-3594.patch: properly handle utf-8 in
      libpurple/protocols/silc/ops.c.
    - CVE-2011-3594

Date: Fri, 18 Nov 2011 14:48:36 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Desktop Team <ubuntu-desktop at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/pidgin/1:2.6.6-1ubuntu4.4
-------------- next part --------------
Format: 1.8
Date: Fri, 18 Nov 2011 14:48:36 -0500
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin
Architecture: source
Version: 1:2.6.6-1ubuntu4.4
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Desktop Team <ubuntu-desktop at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 finch      - text-based multi-protocol instant messaging client
 finch-dev  - text-based multi-protocol instant messaging client - development
 libpurple-bin - multi-protocol instant messaging library - extra utilities
 libpurple-dev - multi-protocol instant messaging library - development files
 libpurple0 - multi-protocol instant messaging library
 pidgin     - graphical multi-protocol instant messaging client for X
 pidgin-data - multi-protocol instant messaging client - data files
 pidgin-dbg - Debugging symbols for Pidgin
 pidgin-dev - multi-protocol instant messaging client - development files
Changes: 
 pidgin (1:2.6.6-1ubuntu4.4) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service in Yahoo! protocol via malormed
     YMSG message
     - debian/patches/97_CVE-2011-1091.patch: validate messages in
       libpurple/protocols/yahoo/libymsg.c.
     - CVE-2011-1091
   * SECURITY UPDATE: denial of service in MSN protocol via HTTP 100
     response size
     - debian/patches/97_CVE-2011-3184.patch: properly calculate size in
       libpurple/protocols/msn/httpconn.c.
     - CVE-2011-3184
   * SECURITY UPDATE: denial of service in SILC protocol via invalid UTF-8
     sequence
     - debian/patches/97_CVE-2011-3594.patch: properly handle utf-8 in
       libpurple/protocols/silc/ops.c.
     - CVE-2011-3594
Checksums-Sha1: 
 90794e6c5a16a32798c33ede6afa5373345156d5 2727 pidgin_2.6.6-1ubuntu4.4.dsc
 1f413669a54e1733c00b9cf4af3ef37fa2f0769c 78411 pidgin_2.6.6-1ubuntu4.4.debian.tar.gz
Checksums-Sha256: 
 50ff123ce0b2a248f5084e68d161dbf238089cbba26d7f84f07ee83b5f4a77df 2727 pidgin_2.6.6-1ubuntu4.4.dsc
 85b07def2f4189e003304d6fdd166b1a3edf0cecf3cd8018614525348428fd60 78411 pidgin_2.6.6-1ubuntu4.4.debian.tar.gz
Files: 
 9a6351442d1fdc29629ecec92ec5871e 2727 net optional pidgin_2.6.6-1ubuntu4.4.dsc
 573bbd31d9e0971cf304ffefe561f07a 78411 net optional pidgin_2.6.6-1ubuntu4.4.debian.tar.gz
Original-Maintainer: Ari Pollak <ari at debian.org>


More information about the Lucid-changes mailing list