* SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
messages (LP: #958208)
- debian/patches/98_CVE-2011-4601.patch: Validate incoming messages to
enforce proper UTF-8 encoding. Based on upstream patch.
- CVE-2011-4601
* SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
and video chat requests (LP: #958208)
- debian/patches/98_CVE-2011-4602.patch: Validate fields in incoming voice
and video chat requests. Based on upstream patch.
- CVE-2011-4602
* SECURITY UPDATE: Remote denial of service via specially crafted SILC
messages (LP: #958208)
- debian/patches/98_CVE-2011-4603.patch: Validate incoming messages to
enforce proper UTF-8 encoding. Based on upstream patch.
- CVE-2011-4603
* SECURITY UPDATE: Information disclosure
- debian/patches/98_CVE-2011-4922.patch: Properly clear memory regions
when freeing memory containing security-sensitive data. Based on
upstream patch.
- CVE-2011-4922
* SECURITY UPDATE: Remote denial of service via specially crafted MSN
offline messages (LP: #958208)
- debian/patches/98_CVE-2012-1178.patch: Convert incoming offline messages
to UTF-8 if they are not already UTF-8. Based on upstream patch.
- CVE-2012-1178
* SECURITY UPDATE: Remote denial of service via specially crafted MSN
messages (LP: #996691)
- debian/patches/98_CVE-2012-2318.patch: Convert incoming messages to UTF-8,
then validate the messages. Based on upstream patch.
- CVE-2012-2318
* SECURITY UPDATE: Remote denial of service via specially crafted MXit
messages (LP: #1022012)
- debian/patches/98_CVE-2012-3374.patch: Use dynamically allocated memory
instead of a fixed size buffer. Based on upstream patch.
- CVE-2012-3374
-- Tyler Hicks <email address hidden> Sun, 08 Jul 2012 18:14:21 -0500
This bug was fixed in the package pidgin - 1:2.6.6-1ubuntu4.5
---------------
pidgin (1:2.6.6-1ubuntu4.5) lucid-security; urgency=low
* SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
messages (LP: #958208)
- debian/patches/98_CVE-2011-4601.patch: Validate incoming messages to
enforce proper UTF-8 encoding. Based on upstream patch.
- CVE-2011-4601
* SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
and video chat requests (LP: #958208)
- debian/patches/98_CVE-2011-4602.patch: Validate fields in incoming voice
and video chat requests. Based on upstream patch.
- CVE-2011-4602
* SECURITY UPDATE: Remote denial of service via specially crafted SILC
messages (LP: #958208)
- debian/patches/98_CVE-2011-4603.patch: Validate incoming messages to
enforce proper UTF-8 encoding. Based on upstream patch.
- CVE-2011-4603
* SECURITY UPDATE: Information disclosure
- debian/patches/98_CVE-2011-4922.patch: Properly clear memory regions
when freeing memory containing security-sensitive data. Based on
upstream patch.
- CVE-2011-4922
* SECURITY UPDATE: Remote denial of service via specially crafted MSN
offline messages (LP: #958208)
- debian/patches/98_CVE-2012-1178.patch: Convert incoming offline messages
to UTF-8 if they are not already UTF-8. Based on upstream patch.
- CVE-2012-1178
* SECURITY UPDATE: Remote denial of service via specially crafted MSN
messages (LP: #996691)
- debian/patches/98_CVE-2012-2318.patch: Convert incoming messages to UTF-8,
then validate the messages. Based on upstream patch.
- CVE-2012-2318
* SECURITY UPDATE: Remote denial of service via specially crafted MXit
messages (LP: #1022012)
- debian/patches/98_CVE-2012-3374.patch: Use dynamically allocated memory
instead of a fixed size buffer. Based on upstream patch.
- CVE-2012-3374
-- Tyler Hicks <email address hidden> Sun, 08 Jul 2012 18:14:21 -0500