Ubuntu

Change log for “pidgin” package in Ubuntu

175 of 162 results
Published in trusty-release on 2014-04-09
Deleted in trusty-proposed (Reason: moved to release)
pidgin (1:2.10.9-0ubuntu3) trusty; urgency=medium

  * debian/patches/xmessagingmenu.patch: change the .in file as well
    so the changes are not overwriten when regenerating
 -- Sebastien Bacher <email address hidden>   Wed, 09 Apr 2014 19:00:52 +0200
Superseded in trusty-release on 2014-04-09
Deleted in trusty-proposed on 2014-04-11 (Reason: moved to release)
pidgin (1:2.10.9-0ubuntu2) trusty; urgency=medium

  * debian/control: remove libgadu-dev from Build-Depends. Pidgin has been
    using its own libgadu since at least precise, and the useless
    dependency is pulling libgadu into main.
 -- Marc Deslauriers <email address hidden>   Mon, 10 Feb 2014 10:15:42 -0500
Superseded in trusty-release on 2014-02-10
Superseded in trusty-proposed on 2014-02-10
pidgin (1:2.10.9-0ubuntu1) trusty; urgency=medium

  * New upstream version, thanks Jackson Doak (lp: #1275113)
    CVE-2012-6152, CVE-2013-6477, CVE-2013-6478, CVE-2013-6479,
    CVE-2013-6481, CVE-2013-6482, CVE-2013-6483, CVE-2013-6484,
    CVE-2013-6485, CVE-2013-6486, CVE-2013-6487, CVE-2013-6489,
    CVE-2013-6490, CVE-2014-0020.
 -- Sebastien Bacher <email address hidden>   Thu, 06 Feb 2014 16:17:33 +0000
Published in quantal-updates on 2014-02-06
Published in quantal-security on 2014-02-06
pidgin (1:2.10.6-0ubuntu2.3) quantal-security; urgency=medium

  * SECURITY UPDATE: remote crash in yahoo via incorrect char encoding
    - debian/patches/CVE-2012-6152.patch: validate strings as utf-8
      before parsing in libpurple/protocols/yahoo/{libymsg,yahoo_aliases,
      yahoo_filexfer,yahoo_friend,yahoo_picture,yahoochat}.c.
    - CVE-2012-6152
  * SECURITY UPDATE: crash via bad XMPP timestamp
    - debian/patches/CVE-2013-6477.patch: properly handle invalid
      timestamps in libpurple/{conversation,log,server}.c.
    - CVE-2013-6477
  * SECURITY UPDATE: crash via hovering pointer over long URL
    - debian/patches/CVE-2013-6478.patch: set max lengths in
      pidgin/gtkimhtml.c.
    - CVE-2013-6478
  * SECURITY UPDATE: remote crash via HTTP response parsing
    - debian/patches/CVE-2013-6479.patch: don't implicitly trust
      Content-Length in libpurple/util.c.
    - CVE-2013-6479
  * SECURITY UPDATE: remote crash via yahoo P2P message
    - debian/patches/CVE-2013-6481.patch: perform bounds checking in
      libpurple/protocols/yahoo/libymsg.c.
    - CVE-2013-6481
  * SECURITY UPDATE: crashes via MSN NULL pointer dereferences
    - debian/patches/CVE-2013-6482.patch: fix NULL pointers in
      libpurple/protocols/msn/{msg,oim,soap}.c.
    - CVE-2013-6482
  * SECURITY UPDATE: iq reply spoofing via incorrect from verification
    - debian/patches/CVE-2013-6483.patch: verify from field on iq replies
      in libpurple/protocols/jabber/{iq.*,jabber.c,jutil.*}.
    - CVE-2013-6483
  * SECURITY UPDATE: crash via response from STUN server
    - debian/patches/CVE-2013-6484.patch: validate len in libpurple/stun.c.
    - CVE-2013-6484
  * SECURITY UPDATE: buffer overflow in chunked HTTP response parsing
    - debian/patches/CVE-2013-6485.patch: limit chunk size in
      libpurple/util.c.
    - CVE-2013-6485
  * SECURITY UPDATE: buffer overflow in gadu-gadu HTTP parsing
    - debian/patches/CVE-2013-6487.patch: limit length in
      libpurple/protocols/gg/lib/http.c.
    - CVE-2013-6487
  * SECURITY UPDATE: buffer overflow in MXit emoticon parsing
    - debian/patches/CVE-2013-6489.patch: check return code in
      libpurple/protocols/mxit/markup.c.
    - CVE-2013-6489
  * SECURITY UPDATE: buffer overflow in SIMPLE header parsing
    - debian/patches/CVE-2013-6490.patch: use g_new in
      libpurple/protocols/simple/simple.c and check length in
      libpurple/protocols/simple/sipmsg.c.
    - CVE-2013-6490
  * SECURITY UPDATE: crash via IRC argument parsing
    - debian/patches/CVE-2014-0020.patch: fix arg handling in
      libpurple/protocols/irc/msgs.c, fix counts in
      libpurple/protocols/irc/parse.c.
    - CVE-2014-0020
 -- Marc Deslauriers <email address hidden>   Wed, 05 Feb 2014 15:56:07 -0500
Published in precise-updates on 2014-02-06
Published in precise-security on 2014-02-06
pidgin (1:2.10.3-0ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: remote crash in yahoo via incorrect char encoding
    - debian/patches/CVE-2012-6152.patch: validate strings as utf-8
      before parsing in libpurple/protocols/yahoo/{libymsg,yahoo_aliases,
      yahoo_filexfer,yahoo_friend,yahoo_picture,yahoochat}.c.
    - CVE-2012-6152
  * SECURITY UPDATE: crash via bad XMPP timestamp
    - debian/patches/CVE-2013-6477.patch: properly handle invalid
      timestamps in libpurple/{conversation,log,server}.c.
    - CVE-2013-6477
  * SECURITY UPDATE: crash via hovering pointer over long URL
    - debian/patches/CVE-2013-6478.patch: set max lengths in
      pidgin/gtkimhtml.c.
    - CVE-2013-6478
  * SECURITY UPDATE: remote crash via HTTP response parsing
    - debian/patches/CVE-2013-6479.patch: don't implicitly trust
      Content-Length in libpurple/util.c.
    - CVE-2013-6479
  * SECURITY UPDATE: remote crash via yahoo P2P message
    - debian/patches/CVE-2013-6481.patch: perform bounds checking in
      libpurple/protocols/yahoo/libymsg.c.
    - CVE-2013-6481
  * SECURITY UPDATE: crashes via MSN NULL pointer dereferences
    - debian/patches/CVE-2013-6482.patch: fix NULL pointers in
      libpurple/protocols/msn/{msg,oim,soap}.c.
    - CVE-2013-6482
  * SECURITY UPDATE: iq reply spoofing via incorrect from verification
    - debian/patches/CVE-2013-6483.patch: verify from field on iq replies
      in libpurple/protocols/jabber/{iq.*,jabber.c,jutil.*}.
    - CVE-2013-6483
  * SECURITY UPDATE: crash via response from STUN server
    - debian/patches/CVE-2013-6484.patch: validate len in libpurple/stun.c.
    - CVE-2013-6484
  * SECURITY UPDATE: buffer overflow in chunked HTTP response parsing
    - debian/patches/CVE-2013-6485.patch: limit chunk size in
      libpurple/util.c.
    - CVE-2013-6485
  * SECURITY UPDATE: buffer overflow in gadu-gadu HTTP parsing
    - debian/patches/CVE-2013-6487.patch: limit length in
      libpurple/protocols/gg/lib/http.c.
    - CVE-2013-6487
  * SECURITY UPDATE: buffer overflow in MXit emoticon parsing
    - debian/patches/CVE-2013-6489.patch: check return code in
      libpurple/protocols/mxit/markup.c.
    - CVE-2013-6489
  * SECURITY UPDATE: buffer overflow in SIMPLE header parsing
    - debian/patches/CVE-2013-6490.patch: use g_new in
      libpurple/protocols/simple/simple.c and check length in
      libpurple/protocols/simple/sipmsg.c.
    - CVE-2013-6490
  * SECURITY UPDATE: crash via IRC argument parsing
    - debian/patches/CVE-2014-0020.patch: fix arg handling in
      libpurple/protocols/irc/msgs.c, fix counts in
      libpurple/protocols/irc/parse.c.
    - CVE-2014-0020
 -- Marc Deslauriers <email address hidden>   Wed, 05 Feb 2014 15:58:24 -0500
Published in saucy-updates on 2014-02-06
Published in saucy-security on 2014-02-06
pidgin (1:2.10.7-0ubuntu4.1.13.10.1) saucy-security; urgency=medium

  * SECURITY UPDATE: remote crash in yahoo via incorrect char encoding
    - debian/patches/CVE-2012-6152.patch: validate strings as utf-8
      before parsing in libpurple/protocols/yahoo/{libymsg,yahoo_aliases,
      yahoo_filexfer,yahoo_friend,yahoo_picture,yahoochat}.c.
    - CVE-2012-6152
  * SECURITY UPDATE: crash via bad XMPP timestamp
    - debian/patches/CVE-2013-6477.patch: properly handle invalid
      timestamps in libpurple/{conversation,log,server}.c.
    - CVE-2013-6477
  * SECURITY UPDATE: crash via hovering pointer over long URL
    - debian/patches/CVE-2013-6478.patch: set max lengths in
      pidgin/gtkimhtml.c.
    - CVE-2013-6478
  * SECURITY UPDATE: remote crash via HTTP response parsing
    - debian/patches/CVE-2013-6479.patch: don't implicitly trust
      Content-Length in libpurple/util.c.
    - CVE-2013-6479
  * SECURITY UPDATE: remote crash via yahoo P2P message
    - debian/patches/CVE-2013-6481.patch: perform bounds checking in
      libpurple/protocols/yahoo/libymsg.c.
    - CVE-2013-6481
  * SECURITY UPDATE: crashes via MSN NULL pointer dereferences
    - debian/patches/CVE-2013-6482.patch: fix NULL pointers in
      libpurple/protocols/msn/{msg,oim,soap}.c.
    - CVE-2013-6482
  * SECURITY UPDATE: iq reply spoofing via incorrect from verification
    - debian/patches/CVE-2013-6483.patch: verify from field on iq replies
      in libpurple/protocols/jabber/{iq.*,jabber.c,jutil.*}.
    - CVE-2013-6483
  * SECURITY UPDATE: crash via response from STUN server
    - debian/patches/CVE-2013-6484.patch: validate len in libpurple/stun.c.
    - CVE-2013-6484
  * SECURITY UPDATE: buffer overflow in chunked HTTP response parsing
    - debian/patches/CVE-2013-6485.patch: limit chunk size in
      libpurple/util.c.
    - CVE-2013-6485
  * SECURITY UPDATE: buffer overflow in gadu-gadu HTTP parsing
    - debian/patches/CVE-2013-6487.patch: limit length in
      libpurple/protocols/gg/lib/http.c.
    - CVE-2013-6487
  * SECURITY UPDATE: buffer overflow in MXit emoticon parsing
    - debian/patches/CVE-2013-6489.patch: check return code in
      libpurple/protocols/mxit/markup.c.
    - CVE-2013-6489
  * SECURITY UPDATE: buffer overflow in SIMPLE header parsing
    - debian/patches/CVE-2013-6490.patch: use g_new in
      libpurple/protocols/simple/simple.c and check length in
      libpurple/protocols/simple/sipmsg.c.
    - CVE-2013-6490
  * SECURITY UPDATE: crash via IRC argument parsing
    - debian/patches/CVE-2014-0020.patch: fix arg handling in
      libpurple/protocols/irc/msgs.c, fix counts in
      libpurple/protocols/irc/parse.c.
    - CVE-2014-0020
 -- Marc Deslauriers <email address hidden>   Wed, 05 Feb 2014 15:08:01 -0500
Superseded in trusty-release on 2014-02-06
Deleted in trusty-proposed on 2014-02-08 (Reason: moved to release)
pidgin (1:2.10.7-0ubuntu4.2) trusty; urgency=low

  * Rebuild for Perl 5.18.
 -- Colin Watson <email address hidden>   Tue, 22 Oct 2013 12:18:43 +0100
Superseded in trusty-release on 2013-10-24
Published in saucy-release on 2013-04-25
Published in raring-release on 2013-04-23
Deleted in raring-proposed (Reason: moved to release)
pidgin (1:2.10.7-0ubuntu4.1) raring-proposed; urgency=low

  * Add hg-remove-SIGCHLD-handler.patch: Fix hanging on startup.
    Backport of upstream commit from 3.0 (LP: #1108056)
 -- Robert Hooker <email address hidden>   Sat, 20 Apr 2013 15:40:16 -0400
Superseded in raring-release on 2013-04-23
Deleted in raring-proposed on 2013-04-24 (Reason: moved to release)
pidgin (1:2.10.7-0ubuntu4) raring; urgency=low

  * Specified multiarch Tcl location, fixing FTBFS.
 -- Daniel T Chen <email address hidden>   Tue, 02 Apr 2013 17:31:12 -0400
Superseded in raring-release on 2013-04-03
Deleted in raring-proposed on 2013-04-04 (Reason: moved to release)
pidgin (1:2.10.7-0ubuntu3) raring; urgency=low

  * debian/patches/hg_no_cap_segfault.patch:
    - don't segfault when checking capabilities of contacts (lp: #1128768)
 -- Sebastien Bacher <email address hidden>   Thu, 28 Feb 2013 11:48:43 +0100
Published in lucid-updates on 2013-02-25
Published in lucid-security on 2013-02-25
pidgin (1:2.6.6-1ubuntu4.6) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via long HTTP header in MXit
    - debian/patches/CVE-2013-0272.patch: properly check lengths in
      libpurple/protocols/mxit/http.c.
    - CVE-2013-0272
  * SECURITY UPDATE: denial of service via long user ID in Sametime
    - debian/patches/CVE-2013-0273.patch: use g_strlcpy in
      libpurple/protocols/sametime/sametime.c.
    - CVE-2013-0273
  * SECURITY UPDATE: denial of service via long UPnP responses
    - debian/patches/CVE-2013-0274.patch: use g_strlcpy in libpurple/upnp.c.
    - CVE-2013-0274
 -- Marc Deslauriers <email address hidden>   Thu, 21 Feb 2013 13:07:35 -0500
Superseded in quantal-updates on 2014-02-06
Superseded in quantal-security on 2014-02-06
pidgin (1:2.10.6-0ubuntu2.2) quantal-security; urgency=low

  * SECURITY UPDATE: file overwrite via MXit crafted pathname
    - debian/patches/CVE-2013-0271.patch: properly escape filenames in
      libpurple/protocols/mxit/formcmds.c,
      libpurple/protocols/mxit/splashscreen.c.
    - CVE-2013-0271
  * SECURITY UPDATE: arbitrary code execution via long HTTP header in MXit
    - debian/patches/CVE-2013-0272.patch: properly check lengths in
      libpurple/protocols/mxit/http.c.
    - CVE-2013-0272
  * SECURITY UPDATE: denial of service via long user ID in Sametime
    - debian/patches/CVE-2013-0273.patch: use g_strlcpy in
      libpurple/protocols/sametime/sametime.c.
    - CVE-2013-0273
  * SECURITY UPDATE: denial of service via long UPnP responses
    - debian/patches/CVE-2013-0274.patch: use g_strlcpy in libpurple/upnp.c.
    - CVE-2013-0274
 -- Marc Deslauriers <email address hidden>   Thu, 21 Feb 2013 12:48:49 -0500
Superseded in precise-updates on 2014-02-06
Superseded in precise-security on 2014-02-06
pidgin (1:2.10.3-0ubuntu1.3) precise-security; urgency=low

  * SECURITY UPDATE: file overwrite via MXit crafted pathname
    - debian/patches/CVE-2013-0271.patch: properly escape filenames in
      libpurple/protocols/mxit/formcmds.c,
      libpurple/protocols/mxit/splashscreen.c.
    - CVE-2013-0271
  * SECURITY UPDATE: arbitrary code execution via long HTTP header in MXit
    - debian/patches/CVE-2013-0272.patch: properly check lengths in
      libpurple/protocols/mxit/http.c.
    - CVE-2013-0272
  * SECURITY UPDATE: denial of service via long user ID in Sametime
    - debian/patches/CVE-2013-0273.patch: use g_strlcpy in
      libpurple/protocols/sametime/sametime.c.
    - CVE-2013-0273
  * SECURITY UPDATE: denial of service via long UPnP responses
    - debian/patches/CVE-2013-0274.patch: use g_strlcpy in libpurple/upnp.c.
    - CVE-2013-0274
 -- Marc Deslauriers <email address hidden>   Thu, 21 Feb 2013 12:53:30 -0500
Published in oneiric-updates on 2013-02-25
Published in oneiric-security on 2013-02-25
pidgin (1:2.10.0-0ubuntu2.2) oneiric-security; urgency=low

  * SECURITY UPDATE: file overwrite via MXit crafted pathname
    - debian/patches/CVE-2013-0271.patch: properly escape filenames in
      libpurple/protocols/mxit/formcmds.c,
      libpurple/protocols/mxit/splashscreen.c.
    - CVE-2013-0271
  * SECURITY UPDATE: arbitrary code execution via long HTTP header in MXit
    - debian/patches/CVE-2013-0272.patch: properly check lengths in
      libpurple/protocols/mxit/http.c.
    - CVE-2013-0272
  * SECURITY UPDATE: denial of service via long user ID in Sametime
    - debian/patches/CVE-2013-0273.patch: use g_strlcpy in
      libpurple/protocols/sametime/sametime.c.
    - CVE-2013-0273
  * SECURITY UPDATE: denial of service via long UPnP responses
    - debian/patches/CVE-2013-0274.patch: use g_strlcpy in libpurple/upnp.c.
    - CVE-2013-0274
 -- Marc Deslauriers <email address hidden>   Thu, 21 Feb 2013 12:54:47 -0500
Superseded in raring-release on 2013-02-28
Deleted in raring-proposed on 2013-03-02 (Reason: moved to release)
pidgin (1:2.10.7-0ubuntu2) raring; urgency=low

  * debian/patches/git_pidgin-fix-irc.patch:
    - upstream patch for being able to use IRC with pidgin for those kind
      of users… (LP: #1128273)
 -- Didier Roche <email address hidden>   Thu, 21 Feb 2013 11:31:08 +0000
Superseded in raring-release on 2013-02-21
Deleted in raring-proposed on 2013-02-27 (Reason: moved to release)
pidgin (1:2.10.7-0ubuntu1) raring; urgency=low

  * New upstream version, includes fixes for those security issues:
    CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274
  * debian/patches/libnssckbi_path.patch:
    - dropped, the code has been replaced in the new version
 -- Sebastien Bacher <email address hidden>   Wed, 13 Feb 2013 18:49:58 +0100
Superseded in precise-updates on 2013-02-25
Deleted in precise-proposed on 2013-02-27 (Reason: moved to -updates)
pidgin (1:2.10.3-0ubuntu1.2) precise-proposed; urgency=low

  * debian/patches/pounce-webview.patch (LP: #1026442)
    -  Buddy pounce - send message window too short
 -- Ritesh Khadgaray <email address hidden>   Wed, 09 Jan 2013 17:50:06 +0530
Superseded in quantal-updates on 2013-02-25
Deleted in quantal-proposed on 2013-02-27 (Reason: moved to -updates)
pidgin (1:2.10.6-0ubuntu2.1) quantal-proposed; urgency=low

  * debian/patches/pounce-webview.patch (LP: #1026442)
    - Buddy pounce - send message window too short
 -- Ritesh Khadgaray <email address hidden>   Wed, 09 Jan 2013 19:37:14 +0530
Superseded in raring-release on 2013-02-14
Deleted in raring-proposed on 2013-02-16 (Reason: moved to release)
pidgin (1:2.10.6-0ubuntu4) raring; urgency=low

  * debian/patches/pounce-webview.patch (LP: #1026442)
    - Buddy pounce - send message window too short
 -- Ritesh Khadgaray <email address hidden>   Wed, 09 Jan 2013 19:37:14 +0530
Superseded in raring-release on 2013-01-23
Deleted in raring-proposed on 2013-01-25 (Reason: moved to release)
pidgin (1:2.10.6-0ubuntu3) raring; urgency=low

  * debian/patches/xmessagingmenu.patch:
    - use X-MessagingMenu-UsesChatSection in the desktop entry (lp: #1040259)
 -- Sebastien Bacher <email address hidden>   Fri, 16 Nov 2012 10:29:38 +0100
Superseded in raring-release on 2012-11-16
Published in quantal-release on 2012-09-18
pidgin (1:2.10.6-0ubuntu2) quantal; urgency=low

  * debian/control: fixed a typo for tcl and tk (LP: #1022935)
 -- John Kim <email address hidden>   Tue, 11 Sep 2012 18:51:33 -0700
Superseded in lucid-updates on 2013-02-25
Superseded in lucid-security on 2013-02-25
pidgin (1:2.6.6-1ubuntu4.5) lucid-security; urgency=low

  * SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
    messages (LP: #958208)
    - debian/patches/98_CVE-2011-4601.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4601
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
    and video chat requests (LP: #958208)
    - debian/patches/98_CVE-2011-4602.patch: Validate fields in incoming voice
      and video chat requests. Based on upstream patch.
    - CVE-2011-4602
  * SECURITY UPDATE: Remote denial of service via specially crafted SILC
    messages (LP: #958208)
    - debian/patches/98_CVE-2011-4603.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4603
  * SECURITY UPDATE: Information disclosure
    - debian/patches/98_CVE-2011-4922.patch: Properly clear memory regions
      when freeing memory containing security-sensitive data. Based on
      upstream patch.
    - CVE-2011-4922
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    offline messages (LP: #958208)
    - debian/patches/98_CVE-2012-1178.patch: Convert incoming offline messages
      to UTF-8 if they are not already UTF-8. Based on upstream patch.
    - CVE-2012-1178
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/98_CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/98_CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374
 -- Tyler Hicks <email address hidden>   Sun, 08 Jul 2012 18:14:21 -0500
Obsolete in natty-updates on 2013-06-04
Obsolete in natty-security on 2013-06-04
pidgin (1:2.7.11-1ubuntu2.2) natty-security; urgency=low

  * SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
    messages (LP: #958208)
    - debian/patches/CVE-2011-4601.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4601
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
    and video chat requests (LP: #958208)
    - debian/patches/CVE-2011-4602.patch: Validate fields in incoming voice
      and video chat requests. Based on upstream patch.
    - CVE-2011-4602
  * SECURITY UPDATE: Remote denial of service via specially crafted SILC
    messages (LP: #958208)
    - debian/patches/CVE-2011-4603.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4603
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    offline messages (LP: #958208)
    - debian/patches/CVE-2012-1178.patch: Convert incoming offline messages to
      UTF-8 if they are not already UTF-8. Based on upstream patch.
    - CVE-2012-1178
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374
 -- Tyler Hicks <email address hidden>   Sun, 08 Jul 2012 18:14:21 -0500
Superseded in oneiric-updates on 2013-02-25
Superseded in oneiric-security on 2013-02-25
pidgin (1:2.10.0-0ubuntu2.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
    messages (LP: #958208)
    - debian/patches/CVE-2011-4601.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4601
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
    and video chat requests (LP: #958208)
    - debian/patches/CVE-2011-4602.patch: Validate fields in incoming voice
      and video chat requests. Based on upstream patch.
    - CVE-2011-4602
  * SECURITY UPDATE: Remote denial of service via specially crafted SILC
    messages (LP: #958208)
    - debian/patches/CVE-2011-4603.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4603
  * SECURITY UPDATE: Remote denial of service via nickname changes in XMPP
    chat rooms (LP: #958208)
    - debian/patches/CVE-2011-4939.patch: Ensure pointer is non-NULL prior to
      dereferencing it. Based on upstream patch.
    - CVE-2011-4939
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    offline messages (LP: #958208)
    - debian/patches/CVE-2012-1178.patch: Convert incoming offline messages to
      UTF-8 if they are not already UTF-8. Based on upstream patch.
    - CVE-2012-1178
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP file
    transfer requests (LP: #996691)
    - debian/patches/CVE-2012-2214.patch: Properly tear down SOCKS5
      connection attempts. Based on upstream patch.
    - CVE-2012-2214
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374
 -- Tyler Hicks <email address hidden>   Sun, 08 Jul 2012 18:14:21 -0500
Superseded in precise-updates on 2013-02-19
Superseded in precise-security on 2013-02-25
pidgin (1:2.10.3-0ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP file
    transfer requests (LP: #996691)
    - debian/patches/CVE-2012-2214.patch: Properly tear down SOCKS5
      connection attempts. Based on upstream patch.
    - CVE-2012-2214
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374
 -- Tyler Hicks <email address hidden>   Sun, 08 Jul 2012 18:14:21 -0500
Superseded in quantal-release on 2012-09-18
Deleted in quantal-proposed on 2012-09-19 (Reason: moved to release)
pidgin (1:2.10.6-0ubuntu1) quantal-proposed; urgency=low

  * New upstream release
 -- Robert Ancell <email address hidden>   Mon, 09 Jul 2012 09:47:15 +1200
Superseded in quantal-release on 2012-07-09
Deleted in quantal-proposed on 2012-07-11 (Reason: moved to release)
pidgin (1:2.10.5-0ubuntu1) quantal-proposed; urgency=low

  * New upstream release
  * debian/libpurple0.symbols:
    - Updated
    - Remove debian revisions from symbols versions
 -- Robert Ancell <email address hidden>   Fri, 06 Jul 2012 10:59:45 +1200
Superseded in quantal-release on 2012-07-06
pidgin (1:2.10.4-0ubuntu1) quantal; urgency=low

  * New upstream release
  * debian/patches/irc_disable_periodic_who.patch:
  * debian/patches/70_farstream_rename.patch:
    - Applied upstream
 -- Robert Ancell <email address hidden>   Mon, 28 May 2012 17:21:44 +1200
Superseded in quantal-release on 2012-05-28
pidgin (1:2.10.3-0ubuntu2) quantal; urgency=low

  * debian/control:
    - Drop dependency on liblaunchpad-integration-dev
  * debian/patches/02_lpi.patch:
    - Dropped, we no longer do Launchpad integration
 -- Robert Ancell <email address hidden>   Tue, 15 May 2012 10:12:45 +1200
Superseded in quantal-release on 2012-05-14
Published in precise-release on 2012-04-07
pidgin (1:2.10.3-0ubuntu1) precise; urgency=low

  * update to new stable release, fixes (LP: #964210)
 -- Alexander Fougner <email address hidden>   Fri, 06 Apr 2012 10:03:13 +0200
Superseded in precise-release on 2012-04-07
pidgin (1:2.10.2-1ubuntu2) precise; urgency=low

  * debian/patches/70_farstream_rename.patch
    - updated patch from the upstream bug report
      http://developer.pidgin.im/ticket/14936
 -- Ken VanDine <email address hidden>   Wed, 04 Apr 2012 17:02:58 -0400
Superseded in precise-release on 2012-04-04
pidgin (1:2.10.2-1ubuntu1) precise; urgency=low

  * New upstream version based on the Debian update

Superseded in precise-release on 2012-03-16
pidgin (1:2.10.1-1ubuntu2) precise; urgency=low

  * debian/control
    - build depend on farstream instead of farsight, it was renamed upstream
  * debian/patches/70_farstream_rename.patch
    - updated for the transition from farsight to farstream
 -- Ken VanDine <email address hidden>   Mon, 05 Mar 2012 15:13:12 -0500
Superseded in precise-release on 2012-03-09
pidgin (1:2.10.1-1ubuntu1) precise; urgency=low

  * New upstream version based on the Debian update

Superseded in natty-updates on 2012-07-09
Superseded in natty-security on 2012-07-09
pidgin (1:2.7.11-1ubuntu2.1) natty-security; urgency=low

  * SECURITY UPDATE: denial of service in MSN protocol via HTTP 100
    response size
    - debian/patches/70_CVE-2011-3184.patch: properly calculate size in
      libpurple/protocols/msn/httpconn.c.
    - CVE-2011-3184
  * SECURITY UPDATE: denial of service in SILC protocol via invalid UTF-8
    sequence
    - debian/patches/71_CVE-2011-3594.patch: properly handle utf-8 in
      libpurple/protocols/silc/ops.c.
    - CVE-2011-3594
 -- Marc Deslauriers <email address hidden>   Fri, 18 Nov 2011 14:25:23 -0500
Superseded in lucid-updates on 2012-07-09
Superseded in lucid-security on 2012-07-09
pidgin (1:2.6.6-1ubuntu4.4) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service in Yahoo! protocol via malormed
    YMSG message
    - debian/patches/97_CVE-2011-1091.patch: validate messages in
      libpurple/protocols/yahoo/libymsg.c.
    - CVE-2011-1091
  * SECURITY UPDATE: denial of service in MSN protocol via HTTP 100
    response size
    - debian/patches/97_CVE-2011-3184.patch: properly calculate size in
      libpurple/protocols/msn/httpconn.c.
    - CVE-2011-3184
  * SECURITY UPDATE: denial of service in SILC protocol via invalid UTF-8
    sequence
    - debian/patches/97_CVE-2011-3594.patch: properly handle utf-8 in
      libpurple/protocols/silc/ops.c.
    - CVE-2011-3594
 -- Marc Deslauriers <email address hidden>   Fri, 18 Nov 2011 14:48:36 -0500
Obsolete in maverick-updates on 2013-03-05
Obsolete in maverick-security on 2013-03-05
pidgin (1:2.7.3-1ubuntu3.3) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service in Yahoo! protocol via malormed
    YMSG message
    - debian/patches/64_CVE-2011-1091.patch: validate messages in
      libpurple/protocols/yahoo/libymsg.c.
    - CVE-2011-1091
  * SECURITY UPDATE: denial of service in MSN protocol via HTTP 100
    response size
    - debian/patches/65_CVE-2011-3184.patch: properly calculate size in
      libpurple/protocols/msn/httpconn.c.
    - CVE-2011-3184
  * SECURITY UPDATE: denial of service in SILC protocol via invalid UTF-8
    sequence
    - debian/patches/66_CVE-2011-3594.patch: properly handle utf-8 in
      libpurple/protocols/silc/ops.c.
    - CVE-2011-3594
 -- Marc Deslauriers <email address hidden>   Fri, 18 Nov 2011 14:40:50 -0500
Superseded in precise-release on 2012-01-05
pidgin (1:2.10.0-0ubuntu3) precise; urgency=low

  * Rebuild for Perl 5.14 (LP: #890845).
 -- Colin Watson <email address hidden>   Tue, 15 Nov 2011 21:05:59 +0000
Superseded in precise-release on 2011-11-15
Published in oneiric-release on 2011-09-24
pidgin (1:2.10.0-0ubuntu2) oneiric; urgency=low

  * debian/patches/irc_disable_periodic_who.patch: work around spontaneous
    disconnects from IRC due to 'Max SendQ exceeded' errors caused by periodic
    /who checks. (LP: #856631)
 -- Mathieu Trudel-Lapierre <email address hidden>   Fri, 23 Sep 2011 22:00:52 -0400
Superseded in oneiric-release on 2011-09-24
pidgin (1:2.10.0-0ubuntu1) oneiric; urgency=low

  * New upstream release.
  * debian/patches/60_1024x600_gtkprefs.c.patch: refreshed.
 -- Mathieu Trudel-Lapierre <email address hidden>   Thu, 25 Aug 2011 16:08:06 -0400
Superseded in oneiric-release on 2011-08-25
pidgin (1:2.9.0-3ubuntu1) oneiric; urgency=low

  * Merge with Debian; remaining changes: (LP: #802374)
    - debian/libpurple0.symbols: update symbols for epoch.
    - debian/patches/02_lpi.patch: add Launchpad integration support.
    - debian/patches/04_let_crasher_for_apport.patch: stop catching the SIGSEGV
      signal and let apport handle it.
    - debian/patches/05_default_to_irc_ubuntu_com.patch: set the default IRC
      server to irc.ubuntu.com.
    - debian/patches/10_docklet_default_off.patch: default behavior to have no
      notification area icon.
    - debian/patches/11_buddy_list_really_show.patch: the buddy list tries
      harder to appear.  This fixes some issues with it not appearing.
    - debian/patches/13_sounds_and_timers.patch: mute notification sounds for
      15 seconds at login time.
    - debian/patches/60_1024x600_gtk*.c.patch: add scrollbars into preferences
      and pounce dialogs
    - debian/prefs.xml: ship extra default settings for notifications, add
      the notification plugin by default and turn on logging by default.
    - debian/rules:
      - use autoreconf.
      - add translation domain for desktop file / update translations.
      - add launcher desktop file for indicator-messages.
    - debian/control:
      - add launchpad-integration, libtool, dh-autoreconf to Build-Depends.
      - drop pidgin-data Depends from libpurple0.
      - drop libpurple0 Depends from libpurple-bin.
      - add pidgin-libnotify as Recommends for pidgin binary.

Superseded in oneiric-release on 2011-07-29
pidgin (1:2.8.0-1ubuntu1) oneiric; urgency=low

  * Updated to the new version, backporting corresponding Debian revision
 -- Sebastien Bacher <email address hidden>   Thu, 16 Jun 2011 11:22:59 +0200
Superseded in oneiric-release on 2011-06-20
pidgin (1:2.7.11-1ubuntu4) oneiric; urgency=low

  * Clean debian-changes-2.7.11-1ubuntu1 from the previous upload
  * debian/control, debian/rules:
    - use dh-autoreconf since the lpi patch needs a configure update,
      thanks Michael Bienia for figuring that build issue
 -- Sebastien Bacher <email address hidden>   Thu, 19 May 2011 10:39:30 +0200
Superseded in oneiric-release on 2011-05-19
pidgin (1:2.7.11-1ubuntu3) oneiric; urgency=low

  * Rebuild for Perl 5.12.
 -- Colin Watson <email address hidden>   Tue, 10 May 2011 05:25:58 +0100
Superseded in oneiric-release on 2011-05-10
Obsolete in natty-release on 2013-06-04
pidgin (1:2.7.11-1ubuntu2) natty; urgency=low

  * Symbols were removed from libpurple-client.so.0 and are now only found in
    libpurple.so.0 (LP: #757311)
    - update debian/libpurple0.symbols
 -- Micah Gersten <email address hidden>   Mon, 11 Apr 2011 04:31:49 -0500
Superseded in natty-release on 2011-04-11
pidgin (1:2.7.11-1ubuntu1) natty; urgency=low

  * Merge from Debian unstable (LP: #757146), remaining changes:
    + debian/control:
      - Add libtool and liblaunchpad-integration-dev build depends
      - Bump standards version
      - Relax binary depends on pidgin versions
      - Add pidgin-libnotify as Recommends for pidgin binary
      - Fix description of pidgin binary
      - Don't have libpurple-bin depend on libpurple0
    + debian/libpurple0.symbols: add epoch to appropriate symbols
    + Add debian/patches:
      - 02_lpi.patch
      - 04_let_crasher_for_apport.patch
      - 05_default_to_irc_ubuntu_com.patch
      - 10_docklet_default_off.patch
      - 11_buddy_list_really_show.patch
      - 13_sounds_and_timers.patch
      - 60_1024x600_gtkpounce.c.patch
      - 60_1024x600_gtkprefs.c.patch
    + debian/prefs.xml: add notification prefs
    + debian/rules:
      - Add translation domain to desktop file with gettext
      - Add the launcher for pidgin

  * Add configure check for launchpad integration attached to the gtk check since
    upstream dropped the startup notification check which is where this check was
    previously
    - update debian/patches/02_lpi.patch

Superseded in natty-release on 2011-04-11
pidgin (1:2.7.9-1ubuntu2) natty; urgency=low

  * debian/control: Have pidgin-data Replaces: pidgin-facebookchat, as they
    both ship the same icon. (LP: #697097)
 -- Martin Pitt <email address hidden>   Sun, 09 Jan 2011 06:30:48 -0600
Superseded in natty-release on 2011-01-09
pidgin (1:2.7.9-1ubuntu1) natty; urgency=low

  * Resynchronize on Debian
 -- Sebastien Bacher <email address hidden>   Mon, 03 Jan 2011 16:36:53 +0100
Superseded in lucid-updates on 2011-11-21
Deleted in lucid-proposed on 2011-11-23 (Reason: moved to -updates)
pidgin (1:2.6.6-1ubuntu4.3) lucid-proposed; urgency=low

  * Apply upstream patch related to ICQ server changes. Thanks to
    Stephen Leavitt for digging out the patch (LP: #683076)
    - add debian/patches/95_icq_server_split_fix.patch
    - add debian/patches/96_icq_server_migration.patch
 -- Chris Coulson <email address hidden>   Mon, 13 Dec 2010 10:21:49 +0000
Superseded in natty-release on 2011-01-03
pidgin (1:2.7.7-1ubuntu1) natty; urgency=low

  * New upstream version, drop msn workaround

Superseded in lucid-updates on 2011-01-28
Deleted in lucid-proposed on 2011-01-29 (Reason: moved to -updates)
pidgin (1:2.6.6-1ubuntu4.2) lucid-proposed; urgency=low

  * debian/patches/workaround-msn-ssl-failure.patch: Workaround SSL
      connectivity issues with MSN (LP: #676972)
 -- Roel Huybrechts <email address hidden>   Wed, 24 Nov 2010 18:58:18 +0100
Superseded in natty-release on 2010-12-02
pidgin (1:2.7.5-1ubuntu3) natty; urgency=low

  * debian/patches/13_sounds_and_timers.patch: Squash debian-changes-*
    patch onto this one, was presumably split up by accident
  * debian/patches/workaround-msn-ssl-failure.patch: Workaround SSL
    connectivity issues with MSN (LP: #676972)
 -- Chow Loong Jin <email address hidden>   Fri, 19 Nov 2010 20:49:42 +0800
Superseded in maverick-updates on 2011-11-21
Deleted in maverick-proposed on 2011-11-23 (Reason: moved to -updates)
pidgin (1:2.7.3-1ubuntu3.2) maverick-proposed; urgency=low

  [ Chow Loong Jin ]
  * debian/patches/workaround-msn-ssl-failure.patch: Workaround SSL
    connectivity issues with MSN (LP: #676972)

  [ Felix Geyer ]
  * debian/patches/62_icq_server_changes.patch: Adapt to ICQ server changes.
  * debian/patches/63_icq_server_migration.patch: Migrate existing accounts to
    the new login server names. (LP: #675903)
 -- Felix Geyer <email address hidden>   Sat, 20 Nov 2010 13:37:00 +0100
Superseded in natty-release on 2010-11-22
pidgin (1:2.7.5-1ubuntu2) natty; urgency=low

  * debian/rules: Call dh_perl with -d to avoid Perl dependency. The shipped
    perl module only uses modules from perl-base.
 -- Martin Pitt <email address hidden>   Tue, 09 Nov 2010 14:02:05 +0100
Superseded in natty-release on 2010-11-09
pidgin (1:2.7.5-1ubuntu1) natty; urgency=low

  * Resync on Debian

Published in hardy-updates on 2010-11-04
Published in hardy-security on 2010-11-04
pidgin (1:2.4.1-1ubuntu2.10) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via custom emoticon
    - debian/patches/94_security_CVE-2010-1624.patch: make sure body is
      valid in libpurple/protocols/{msn,msnp9}/slp.c.
    - CVE-2010-1624
  * SECURITY UPDATE: denial of service via base64 decoding (LP: #666998)
    - debian/patches/94_security_CVE-2010-3711.patch: correctly handle
      purple_base64_decode return codes in libpurple/ntlm.c,
      libpurple/protocols/{jabber/auth.c,msn/slp.c,msnp9/slp.c,
      myspace/message.c,yahoo/yahoo.c}.
    - CVE-2010-3711
 -- Marc Deslauriers <email address hidden>   Wed, 03 Nov 2010 09:36:41 -0400
Obsolete in karmic-updates on 2013-03-04
Obsolete in karmic-security on 2013-03-04
pidgin (1:2.6.2-1ubuntu7.3) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service via custom emoticon
    - debian/patches/68_CVE-2010-1624.patch: make sure body is valid in
      libpurple/protocols/msn/slp.c.
    - CVE-2010-1624
  * SECURITY UPDATE: denial of service via base64 decoding (LP: #666998)
    - debian/patches/69_CVE-2010-3711.patch: correctly handle
      purple_base64_decode return codes in libpurple/ntlm.c,
      libpurple/plugins/perl/common/Util.xs,
      libpurple/protocols/{jabber/auth.c,msn/slp.c,myspace/message.c,
      oscar/clientlogin.c,qq/im.c,yahoo/libymsg.c}.
    - CVE-2010-3711
 -- Marc Deslauriers <email address hidden>   Wed, 03 Nov 2010 09:02:12 -0400
Superseded in lucid-updates on 2010-11-29
Superseded in lucid-security on 2011-11-21
pidgin (1:2.6.6-1ubuntu4.1) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via custom emoticon
    - debian/patches/93_CVE-2010-1624.patch: make sure body is valid in
      libpurple/protocols/msn/slp.c.
    - CVE-2010-1624
  * SECURITY UPDATE: denial of service via base64 decoding (LP: #666998)
    - debian/patches/94_CVE-2010-3711.patch: correctly handle
      purple_base64_decode return codes in libpurple/ntlm.c,
      libpurple/plugins/perl/common/Util.xs,
      libpurple/protocols/{jabber/auth_digest_md5.c,msn/slp.c,
      myspace/message.c,oscar/clientlogin.c,qq/im.c,yahoo/libymsg.c}.
    - CVE-2010-3711
 -- Marc Deslauriers <email address hidden>   Wed, 03 Nov 2010 08:51:08 -0400
Superseded in maverick-updates on 2010-11-23
Superseded in maverick-security on 2011-11-21
pidgin (1:2.7.3-1ubuntu3.1) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service via base64 decoding (LP: #666998)
    - debian/patches/61_CVE-2010-3711.patch: correctly handle
      purple_base64_decode return codes in libpurple/ntlm.c,
      libpurple/plugins/perl/common/Util.xs,
      libpurple/protocols/{jabber/auth_digest_md5.c,msn/slp.c,
      myspace/message.c,oscar/clientlogin.c,qq/im.c,yahoo/libymsg.c}.
    - CVE-2010-3711
 -- Marc Deslauriers <email address hidden>   Tue, 02 Nov 2010 17:17:40 -0400
Superseded in natty-release on 2010-11-08
Obsolete in maverick-release on 2013-03-05
pidgin (1:2.7.3-1ubuntu3) maverick; urgency=low

  * Include upstream bugfix (bug 12629) for Bonjour support (LP: #641344)
 -- Stephane Graber <email address hidden>   Tue, 21 Sep 2010 08:31:16 -0400
Superseded in maverick-release on 2010-09-21
pidgin (1:2.7.3-1ubuntu2) maverick; urgency=low

  [ K. Vishnoo Charan Reddy ]
  * debian/control:
   - Improve package description for pidgin (LP: #259793)
 -- Robert Ancell <email address hidden>   Thu, 02 Sep 2010 17:29:43 +1000
Superseded in maverick-release on 2010-09-03
pidgin (1:2.7.3-1ubuntu1) maverick; urgency=low

  * Resync on Debian, workaround build issue (lp:#600952)
  * debian/control:
    - Build-Depends on liblaunchpad-integration-dev
    - Drop libpurple0 dependency from libpurple-bin
    - Drop pidgin-data dependency from libpurple0
    - Recommends pidgin-libnotify
  * debian/libpurple0.symbols:
    - add epochs
  * debian/patches/02_lpi.patch:
    - launchpad integration
  * debian/patches/04_let_crasher_for_apport.patch:
    - stop catching the SIGSEGV signal and let apport handle it
  * debian/patches/05_default_to_irc_ubuntu_com.patch:
    - set the default IRC server to irc.ubuntu.com
  * debian/patches/10_docklet_default_off.patch:
    - default behavior to have no notification area icon.
  * debian/patches/11_buddy_list_really_show.patch:
    - the buddy list tries harder to appear.  This fixes some issues with it
      not appearing.
  * debian/patches/ 13_sounds_and_timers.patch:
    - adjusts the time out for sounds to be 15 seconds,
      which helps get fewer spurious login notifications on slow connections.
  * debian/patches/60_1024x600_gtk*.c.patch:
    - add scrollbars into preferences and pounce dialogs
  * debian/prefs.xml:
    - Update to set the notify plugin prefs /plugins/gtk/X11/notify/*,
      set /pidgin/plugins/loaded to load the notify plugin and enable
      the standard logging options by default
  * debian/rules:
    - install a launcher in the message indicator
    - set translation domain and update template
    - use simple-patchsys rules

Superseded in maverick-release on 2010-08-11
pidgin (1:2.7.2-1ubuntu1) maverick; urgency=low

  * Resync on Debian

Superseded in maverick-release on 2010-07-27
pidgin (1:2.7.1-1ubuntu2) maverick; urgency=low

  * debian/control: build-depends on libtool
 -- Sebastien Bacher <email address hidden>   Tue, 06 Jul 2010 13:24:00 +0200
Superseded in maverick-release on 2010-07-06
pidgin (1:2.7.1-1ubuntu1) maverick; urgency=low

  * Resync on Debian, workaround build issue (lp:#600952)
  * debian/control:
    - Build-Depends on liblaunchpad-integration-dev
    - Drop libpurple0 dependency from libpurple-bin
    - Drop pidgin-data dependency from libpurple0
    - Recommends pidgin-libnotify
  * debian/libpurple0.symbols:
    - add epochs
  * debian/patches/02_lpi.patch:
    - launchpad integration
  * debian/patches/04_let_crasher_for_apport.patch:
    - stop catching the SIGSEGV signal and let apport handle it
  * debian/patches/05_default_to_irc_ubuntu_com.patch:
    - set the default IRC server to irc.ubuntu.com
  * debian/patches/10_docklet_default_off.patch:
    - default behavior to have no notification area icon.
  * debian/patches/11_buddy_list_really_show.patch:
    - the buddy list tries harder to appear.  This fixes some issues with it
      not appearing.
  * debian/patches/ 13_sounds_and_timers.patch:
    - adjusts the time out for sounds to be 15 seconds,
      which helps get fewer spurious login notifications on slow connections.
  * debian/patches/60_1024x600_gtk*.c.patch:
    - add scrollbars into preferences and pounce dialogs
  * debian/prefs.xml:
    - Update to set the notify plugin prefs /plugins/gtk/X11/notify/*,
      set /pidgin/plugins/loaded to load the notify plugin and enable
      the standard logging options by default
  * debian/rules:
    - install a launcher in the message indicator
    - set translation domain and update template
    - use simple-patchsys rules

Superseded in maverick-release on 2010-07-05
Published in lucid-release on 2010-03-09
pidgin (1:2.6.6-1ubuntu4) lucid; urgency=low

  * debian/patches/92_gtkstatusicon_blink.patch: add blink support to
    GtkStatusIcon backport.
  * debian/patches/62_tray_icon_size_kde.patch: removed as no longer
    needed with GtkStatusIcon support.
 -- Marc Deslauriers <email address hidden>   Tue, 09 Mar 2010 12:48:28 -0500
Superseded in lucid-release on 2010-03-09
pidgin (1:2.6.6-1ubuntu3) lucid; urgency=low

  * debian/patches/91_gtkstatusicon_backport.patch: backport GtkStatusIcon
    support to get proper icon transparency with new default theme.
    (LP: #532789)
  * debian/pidgin-data.links: symlink pixmaps to location GtkStatusIcon
    expects them to be.
 -- Marc Deslauriers <email address hidden>   Fri, 05 Mar 2010 23:11:32 -0500
Superseded in lucid-release on 2010-03-08
pidgin (1:2.6.6-1ubuntu2) lucid; urgency=low

  * debian/patches/90_icq_login_fix.patch:
    - upstream change to fix aim and icq login issues when clientlogin is used
      which is the case in empathy by default (lp: #524221, #526146)
 -- Sebastien Bacher <email address hidden>   Wed, 24 Feb 2010 00:39:26 +0100
Superseded in hardy-updates on 2010-11-04
Superseded in hardy-security on 2010-11-04
pidgin (1:2.4.1-1ubuntu2.9) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via malformed SLP message
    - debian/patches/94_security_CVE-2010-0277.patch: validate input in
      libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
    - CVE-2010-0277
  * SECURITY UPDATE: denial of service via certain nicknames in Finch
    - debian/patches/94_security_CVE-2010-0420.patch: properly unescape
      text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
      libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
    - CVE-2010-0420
  * SECURITY UPDATE: denial of service via large number of smileys
    - debian/patches/94_security_CVE-2010-0423.patch: limit the number of
      smileys in pidgin/gtkimhtml.c.
    - CVE-2010-0423
 -- Marc Deslauriers <email address hidden>   Thu, 18 Feb 2010 14:57:08 -0500
Obsolete in intrepid-updates on 2013-02-20
Obsolete in intrepid-security on 2013-02-20
pidgin (1:2.5.2-0ubuntu1.7) intrepid-security; urgency=low

  * SECURITY UPDATE: denial of service via malformed SLP message
    - debian/patches/93_security_CVE-2010-0277.patch: validate input in
      libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
    - CVE-2010-0277
  * SECURITY UPDATE: denial of service via certain nicknames in Finch
    - debian/patches/93_security_CVE-2010-0420.patch: properly unescape
      text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
      libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
    - CVE-2010-0420
  * SECURITY UPDATE: denial of service via large number of smileys
    - debian/patches/93_security_CVE-2010-0423.patch: limit the number of
      smileys in pidgin/gtkimhtml.c.
    - CVE-2010-0423
 -- Marc Deslauriers <email address hidden>   Thu, 18 Feb 2010 14:45:12 -0500
Obsolete in jaunty-updates on 2013-02-28
Obsolete in jaunty-security on 2013-02-28
pidgin (1:2.5.5-1ubuntu8.6) jaunty-security; urgency=low

  * SECURITY UPDATE: denial of service via malformed SLP message
    - debian/patches/85_security_CVE-2010-0277.patch: validate input in
      libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
    - CVE-2010-0277
  * SECURITY UPDATE: denial of service via certain nicknames in Finch
    - debian/patches/86_security_CVE-2010-0420.patch: properly unescape
      text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
      libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
    - CVE-2010-0420
  * SECURITY UPDATE: denial of service via large number of smileys
    - debian/patches/87_security_CVE-2010-0423.patch: limit the number of
      smileys in pidgin/gtkimhtml.c.
    - CVE-2010-0423
 -- Marc Deslauriers <email address hidden>   Thu, 18 Feb 2010 14:37:45 -0500
Superseded in karmic-updates on 2010-11-04
Superseded in karmic-security on 2010-11-04
pidgin (1:2.6.2-1ubuntu7.2) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service via malformed SLP message
    - debian/patches/65_security_CVE-2010-0277.patch: validate input in
      libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
    - CVE-2010-0277
  * SECURITY UPDATE: denial of service via certain nicknames in Finch
    - debian/patches/66_security_CVE-2010-0420.patch: properly unescape
      text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
      libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
    - CVE-2010-0420
  * SECURITY UPDATE: denial of service via large number of smileys
    - debian/patches/67_security_CVE-2010-0423.patch: limit the number of
      smileys in pidgin/gtkimhtml.c.
    - CVE-2010-0423
 -- Marc Deslauriers <email address hidden>   Thu, 18 Feb 2010 13:44:53 -0500
Superseded in lucid-release on 2010-02-24
pidgin (1:2.6.6-1ubuntu1) lucid; urgency=low

  * Resync on Debian
 -- Sebastien Bacher <email address hidden>   Thu, 18 Feb 2010 23:51:45 +0100
Superseded in lucid-release on 2010-02-19
pidgin (1:2.6.5-2ubuntu1) lucid; urgency=low

  * Sync on Debian
    - fix login on aim and icq (lp: #506647)
  * debian/control:
    - Build-Depends on liblaunchpad-integration-dev and libtool
    - Drop libpurple0 dependency from libpurple-bin
    - Drop pidgin-data dependency from libpurple0
    - Recommends pidgin-libnotify
  * debian/libpurple0.symbols:
    - add epochs
  * debian/patches/02_lpi.patch:
    - launchpad integration
  * debian/patches/04_let_crasher_for_apport.patch:
    - stop catching the SIGSEGV signal and let apport handle it
  * debian/patches/05_default_to_irc_ubuntu_com.patch:
    - set the default IRC server to irc.ubuntu.com
  * debian/patches/10_docklet_default_off.patch:
    - default behavior to have no notification area icon.
  * debian/patches/11_buddy_list_really_show.patch:
    - the buddy list tries harder to appear.  This fixes some issues with it
      not appearing.
  * debian/patches/ 13_sounds_and_timers.patch:
    - adjusts the time out for sounds to be 15 seconds,
      which helps get fewer spurious login notifications on slow connections.
  * debian/patches/60_1024x600_gtk*.c.patch:
    - add scrollbars into preferences and pounce dialogs
  * debian/patches/62_tray_icon_size_kde.patch:
    - always use default tray icon size on KDE
  * debian/prefs.xml:
    - Update to set the notify plugin prefs /plugins/gtk/X11/notify/*,
      set /pidgin/plugins/loaded to load the notify plugin and enable
      the standard logging options by default
  * debian/rules:
    - install a launcher in the message indicator
    - set translation domain and update template
    - use simple-patchsys rules

Superseded in karmic-updates on 2010-02-22
Superseded in karmic-security on 2010-02-22
pidgin (1:2.6.2-1ubuntu7.1) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service via crafted contact list data
    - debian/patches/63_security_CVE-2009-3615.patch: validate contact
      list structure in libpurple/protocols/oscar/oscar.c.
    - CVE-2009-3615
  * SECURITY UPDATE: directory traversal via custom smiley request
    (LP: #501089)
    - debian/patches/64_security_CVE-2010-0013.patch: ignore request for
      smileys that don't exist in the image store in
      libpurple/protocols/msn/slp.c.
    - CVE-2010-0013
 -- Marc Deslauriers <email address hidden>   Thu, 14 Jan 2010 11:22:13 -0500
175 of 162 results