pidgin 1:2.4.1-1ubuntu2.8 source package in Ubuntu
Changelog
pidgin (1:2.4.1-1ubuntu2.8) hardy-security; urgency=low
* SECURITY UPDATE: denial of service via TOPIC message
- debian/patches/87_security_CVE-2009-2703.patch: validate args in
libpurple/protocols/irc/msgs.c.
- CVE-2009-2703
* SECURITY UPDATE: information disclosure via incorrect jabber TLS
handling
- debian/patches/88_security_CVE-2009-3026.patch: bail out if
encryption is not available in libpurple/protocols/jabber/auth.c.
- CVE-2009-3026
* SECURITY UPDATE: denial of service via malformed SLP invite message
- debian/patches/89_security_CVE-2009-3083.patch: validate branch,
content_type and content in libpurple/protocols/msn/slp.c and
libpurple/protocols/msnp9/slp.c.
- CVE-2009-3083
* SECURITY UPDATE: denial of service via crafted contact list data
- debian/patches/90_security_CVE-2009-3615.patch: validate contact
list structure in libpurple/protocols/oscar/oscar.c.
- CVE-2009-3615
* SECURITY UPDATE: denial of service via specially formulated long
filename (LP: #245769)
- previous 72_SECURITY_CVE-2008-2955.patch patch was incomplete
- debian/patches/91_security_CVE-2008-2955-2.patch: change
src/protocols/msnp9/[slplink.c,slpcall.*] to make sure xfer structure
still exists before putting dest_fp in it.
- CVE-2008-2955
* SECURITY UPDATE: arbitrary code execution via crafted MSN message
- previous 83_security_CVE-2009-1376.patch patch was incomplete
- debian/patches/92_security_CVE-2009-1376-2.patch: switch offset
variable to guint64 in libpurple/protocols/msnp9/slplink.c.
- CVE-2009-1376
* Fix connection issue with MSN (LP: #494002)
- debian/patches/93_msn_protocol8.patch: use protocol v8 in
libpurple/protocols/msnp9/session.c, as it seems v9 isn't supported
by msn anymore.
-- Marc Deslauriers <email address hidden> Fri, 15 Jan 2010 12:56:44 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Hardy
- Original maintainer:
- Ubuntu Core Development Team
- Architectures:
- any
- Section:
- net
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| pidgin_2.4.1.orig.tar.gz | 12.7 MiB | 3bb2312e10cf9cc4aea120ec7a8e96361ad31d3ebc0dbfcabf8e344f88afb0ce |
| pidgin_2.4.1-1ubuntu2.8.diff.gz | 138.7 KiB | 7cf3cbd5611767790ed413cc5e3c3806760a38568bae170cf644359dae53a275 |
| pidgin_2.4.1-1ubuntu2.8.dsc | 1.5 KiB | 04b1201d5c0fec07d9e226e504a2bffd716760d5180a4e8cb70061b415921619 |
Available diffs
Binary packages built by this source
- finch: No summary available for finch in ubuntu hardy.
No description available for finch in ubuntu hardy.
- finch-dev: No summary available for finch-dev in ubuntu hardy.
No description available for finch-dev in ubuntu hardy.
- gaim: No summary available for gaim in ubuntu hardy.
No description available for gaim in ubuntu hardy.
- libpurple-bin: No summary available for libpurple-bin in ubuntu hardy.
No description available for libpurple-bin in ubuntu hardy.
- libpurple-dev: No summary available for libpurple-dev in ubuntu hardy.
No description available for libpurple-dev in ubuntu hardy.
- libpurple0: No summary available for libpurple0 in ubuntu hardy.
No description available for libpurple0 in ubuntu hardy.
- pidgin: No summary available for pidgin in ubuntu hardy.
No description available for pidgin in ubuntu hardy.
- pidgin-data: No summary available for pidgin-data in ubuntu hardy.
No description available for pidgin-data in ubuntu hardy.
- pidgin-dbg: No summary available for pidgin-dbg in ubuntu hardy.
No description available for pidgin-dbg in ubuntu hardy.
- pidgin-dev: No summary available for pidgin-dev in ubuntu hardy.
No description available for pidgin-dev in ubuntu hardy.
