Ubuntu
pidgin package

Bug #958208
Comment #4

Comment 4 for bug 958208

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-07-09:

This bug was fixed in the package pidgin - 1:2.10.0-0ubuntu2.1

---------------
pidgin (1:2.10.0-0ubuntu2.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
    messages (LP: #958208)
    - debian/patches/CVE-2011-4601.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4601
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
    and video chat requests (LP: #958208)
    - debian/patches/CVE-2011-4602.patch: Validate fields in incoming voice
      and video chat requests. Based on upstream patch.
    - CVE-2011-4602
  * SECURITY UPDATE: Remote denial of service via specially crafted SILC
    messages (LP: #958208)
    - debian/patches/CVE-2011-4603.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4603
  * SECURITY UPDATE: Remote denial of service via nickname changes in XMPP
    chat rooms (LP: #958208)
    - debian/patches/CVE-2011-4939.patch: Ensure pointer is non-NULL prior to
      dereferencing it. Based on upstream patch.
    - CVE-2011-4939
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    offline messages (LP: #958208)
    - debian/patches/CVE-2012-1178.patch: Convert incoming offline messages to
      UTF-8 if they are not already UTF-8. Based on upstream patch.
    - CVE-2012-1178
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP file
    transfer requests (LP: #996691)
    - debian/patches/CVE-2012-2214.patch: Properly tear down SOCKS5
      connection attempts. Based on upstream patch.
    - CVE-2012-2214
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374
-- Tyler Hicks <email address hidden> Sun, 08 Jul 2012 18:14:21 -0500

This bug was fixed in the package pidgin - 1:2.10.0-0ubuntu2.1

---------------
pidgin (1:2.10.0-0ubuntu2.1) oneiric-security; urgency=low

* SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
    messages (LP: #958208)
    - debian/patches/CVE-2011-4601.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4601
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
    and video chat requests (LP: #958208)
    - debian/patches/CVE-2011-4602.patch: Validate fields in incoming voice
      and video chat requests. Based on upstream patch.
    - CVE-2011-4602
  * SECURITY UPDATE: Remote denial of service via specially crafted SILC
    messages (LP: #958208)
    - debian/patches/CVE-2011-4603.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4603
  * SECURITY UPDATE: Remote denial of service via nickname changes in XMPP
    chat rooms (LP: #958208)
    - debian/patches/CVE-2011-4939.patch: Ensure pointer is non-NULL prior to
      dereferencing it. Based on upstream patch.
    - CVE-2011-4939
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    offline messages (LP: #958208)
    - debian/patches/CVE-2012-1178.patch: Convert incoming offline messages to
      UTF-8 if they are not already UTF-8. Based on upstream patch.
    - CVE-2012-1178
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP file
    transfer requests (LP: #996691)
    - debian/patches/CVE-2012-2214.patch: Properly tear down SOCKS5
      connection attempts. Based on upstream patch.
    - CVE-2012-2214
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374
 -- Tyler Hicks <tyhicks@canonical.com>   Sun, 08 Jul 2012 18:14:21 -0500

Ubuntupidgin package

Comment 4 for bug 958208

Ubuntu
pidgin package