[ubuntu/vivid-proposed] pidgin 1:2.10.9-0ubuntu8 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue Oct 28 13:59:16 UTC 2014
pidgin (1:2.10.9-0ubuntu8) vivid; urgency=medium
* SECURITY UPDATE: insufficient ssl certificate validation
- debian/patches/CVE-2014-3694.patch: fix basic constraints checking in
libpurple/certificate.c, libpurple/certificate.h,
libpurple/plugins/ssl/ssl-gnutls.c, libpurple/plugins/ssl/ssl-nss.c.
- CVE-2014-3694
* SECURITY UPDATE: denial of service via malformed MXit emoticon response
- debian/patches/CVE-2014-3695.patch: properly check lengths in
libpurple/protocols/mxit/markup.c.
- CVE-2014-3695
* SECURITY UPDATE: denial of service via malformed Groupwise message
- debian/patches/CVE-2014-3696.patch: check sizes in
libpurple/protocols/novell/nmevent.c.
- CVE-2014-3696
* SECURITY UPDATE: XMPP information leak
- debian/patches/CVE-2014-3698.patch: fix leaks in
libpurple/protocols/jabber/jutil.c.
- CVE-2014-3698
Date: Tue, 28 Oct 2014 08:11:48 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/vivid/+source/pidgin/1:2.10.9-0ubuntu8
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 28 Oct 2014 08:11:48 -0400
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin
Architecture: source
Version: 1:2.10.9-0ubuntu8
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
finch - text-based multi-protocol instant messaging client
finch-dev - text-based multi-protocol instant messaging client - development
libpurple-bin - multi-protocol instant messaging library - extra utilities
libpurple-dev - multi-protocol instant messaging library - development files
libpurple0 - multi-protocol instant messaging library
pidgin - graphical multi-protocol instant messaging client for X
pidgin-data - multi-protocol instant messaging client - data files
pidgin-dbg - Debugging symbols for Pidgin
pidgin-dev - multi-protocol instant messaging client - development files
Changes:
pidgin (1:2.10.9-0ubuntu8) vivid; urgency=medium
.
* SECURITY UPDATE: insufficient ssl certificate validation
- debian/patches/CVE-2014-3694.patch: fix basic constraints checking in
libpurple/certificate.c, libpurple/certificate.h,
libpurple/plugins/ssl/ssl-gnutls.c, libpurple/plugins/ssl/ssl-nss.c.
- CVE-2014-3694
* SECURITY UPDATE: denial of service via malformed MXit emoticon response
- debian/patches/CVE-2014-3695.patch: properly check lengths in
libpurple/protocols/mxit/markup.c.
- CVE-2014-3695
* SECURITY UPDATE: denial of service via malformed Groupwise message
- debian/patches/CVE-2014-3696.patch: check sizes in
libpurple/protocols/novell/nmevent.c.
- CVE-2014-3696
* SECURITY UPDATE: XMPP information leak
- debian/patches/CVE-2014-3698.patch: fix leaks in
libpurple/protocols/jabber/jutil.c.
- CVE-2014-3698
Checksums-Sha1:
e28acf6da702a6765aac2a63a5b732517f67b679 2998 pidgin_2.10.9-0ubuntu8.dsc
43ba36ac5482b2ef9ef6cf2e0b073814917faa81 64884 pidgin_2.10.9-0ubuntu8.debian.tar.xz
Checksums-Sha256:
7c05e0016a44b3cb38c10262d4d8add27868a8bbecd7832ceaf1ccf411acacb4 2998 pidgin_2.10.9-0ubuntu8.dsc
186eb28f0edc676b92f08b277a6be2f3e50712e207082c5e5c93f49378dee907 64884 pidgin_2.10.9-0ubuntu8.debian.tar.xz
Files:
3224ac5f166a3ec7e3d96db84aa7e9bc 2998 net optional pidgin_2.10.9-0ubuntu8.dsc
edee14da4ad609ca844f8624b0fa9df2 64884 net optional pidgin_2.10.9-0ubuntu8.debian.tar.xz
Original-Maintainer: Ari Pollak <ari at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUT6DHAAoJEGVp2FWnRL6Tt/gP+gJcXOkLrtpQKJUv+Zh6/YIL
/xIZahR/75CtZat2eUfZotYGLSHrom7PeUI4R+R4dWLfzYbYZNHT1zoAktdcAxJe
OO7FlWfvTLy/VpGPVWTqcZ6e3M8L1fjKeWORWbSIm6KKSVQgtRbrtSOgjae5HfIm
uPeD3AAfQqgralQmJwGFNkc9ZTx4DTI+uqyxPGce1xSCpUrRfnXSNe+jlCsbPfdv
dv7r9JgGgCAO/PhFy+8sXvzpeDj7ZcF/mFY+oy4cPe8dZp24lL6EfZjiTs2sB8K4
y2JrxvjoivyK4HPivk9m1GtQGyIBpqTncJLO+Sj8QtQ7qR5J6C4UvS4dlGI9dTe3
YMFGvSSM7eLrBi3eVRBhTj5n7KWwT98T5c5Yc0J4zWGIu3xVHe792JMvFqCzcsSl
Tq7P3Do9Vjm8w2w+PjRYGnldAmvmIthbuKjwiCRyVJ4EZq7bfgY8NzB8HhVQ6eRP
Mw5wFXI9Gavjg0VohMYfMWMlVfBQVn9ybAp4spW4pkZhMtGYqym8gmdLuTzME4tA
spMRqOFXJqBbQB1rHQipGiP20Yi+gjwYpP5IXR9D10csIlA3VUs1/wLhrVLJeCb0
foIbeb7SEyIta34kB63qcfa5VS5zlFyfsmbncNQq85Ck1G60otFRgr8YqhWI3QU2
0zUnS6XLBrgXk3noy8yw
=IzBm
-----END PGP SIGNATURE-----
More information about the Vivid-changes
mailing list