[ubuntu/vivid-proposed] pidgin 1:2.10.9-0ubuntu8 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Oct 28 13:59:16 UTC 2014


pidgin (1:2.10.9-0ubuntu8) vivid; urgency=medium

  * SECURITY UPDATE: insufficient ssl certificate validation
    - debian/patches/CVE-2014-3694.patch: fix basic constraints checking in
      libpurple/certificate.c, libpurple/certificate.h,
      libpurple/plugins/ssl/ssl-gnutls.c, libpurple/plugins/ssl/ssl-nss.c.
    - CVE-2014-3694
  * SECURITY UPDATE: denial of service via malformed MXit emoticon response
    - debian/patches/CVE-2014-3695.patch: properly check lengths in
      libpurple/protocols/mxit/markup.c.
    - CVE-2014-3695
  * SECURITY UPDATE: denial of service via malformed Groupwise message
    - debian/patches/CVE-2014-3696.patch: check sizes in
      libpurple/protocols/novell/nmevent.c.
    - CVE-2014-3696
  * SECURITY UPDATE: XMPP information leak
    - debian/patches/CVE-2014-3698.patch: fix leaks in
      libpurple/protocols/jabber/jutil.c.
    - CVE-2014-3698

Date: Tue, 28 Oct 2014 08:11:48 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/vivid/+source/pidgin/1:2.10.9-0ubuntu8
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 28 Oct 2014 08:11:48 -0400
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin
Architecture: source
Version: 1:2.10.9-0ubuntu8
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 finch      - text-based multi-protocol instant messaging client
 finch-dev  - text-based multi-protocol instant messaging client - development
 libpurple-bin - multi-protocol instant messaging library - extra utilities
 libpurple-dev - multi-protocol instant messaging library - development files
 libpurple0 - multi-protocol instant messaging library
 pidgin     - graphical multi-protocol instant messaging client for X
 pidgin-data - multi-protocol instant messaging client - data files
 pidgin-dbg - Debugging symbols for Pidgin
 pidgin-dev - multi-protocol instant messaging client - development files
Changes:
 pidgin (1:2.10.9-0ubuntu8) vivid; urgency=medium
 .
   * SECURITY UPDATE: insufficient ssl certificate validation
     - debian/patches/CVE-2014-3694.patch: fix basic constraints checking in
       libpurple/certificate.c, libpurple/certificate.h,
       libpurple/plugins/ssl/ssl-gnutls.c, libpurple/plugins/ssl/ssl-nss.c.
     - CVE-2014-3694
   * SECURITY UPDATE: denial of service via malformed MXit emoticon response
     - debian/patches/CVE-2014-3695.patch: properly check lengths in
       libpurple/protocols/mxit/markup.c.
     - CVE-2014-3695
   * SECURITY UPDATE: denial of service via malformed Groupwise message
     - debian/patches/CVE-2014-3696.patch: check sizes in
       libpurple/protocols/novell/nmevent.c.
     - CVE-2014-3696
   * SECURITY UPDATE: XMPP information leak
     - debian/patches/CVE-2014-3698.patch: fix leaks in
       libpurple/protocols/jabber/jutil.c.
     - CVE-2014-3698
Checksums-Sha1:
 e28acf6da702a6765aac2a63a5b732517f67b679 2998 pidgin_2.10.9-0ubuntu8.dsc
 43ba36ac5482b2ef9ef6cf2e0b073814917faa81 64884 pidgin_2.10.9-0ubuntu8.debian.tar.xz
Checksums-Sha256:
 7c05e0016a44b3cb38c10262d4d8add27868a8bbecd7832ceaf1ccf411acacb4 2998 pidgin_2.10.9-0ubuntu8.dsc
 186eb28f0edc676b92f08b277a6be2f3e50712e207082c5e5c93f49378dee907 64884 pidgin_2.10.9-0ubuntu8.debian.tar.xz
Files:
 3224ac5f166a3ec7e3d96db84aa7e9bc 2998 net optional pidgin_2.10.9-0ubuntu8.dsc
 edee14da4ad609ca844f8624b0fa9df2 64884 net optional pidgin_2.10.9-0ubuntu8.debian.tar.xz
Original-Maintainer: Ari Pollak <ari at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

