pidgin 1:2.10.0-0ubuntu2.1 source package in Ubuntu

Changelog

pidgin (1:2.10.0-0ubuntu2.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
    messages (LP: #958208)
    - debian/patches/CVE-2011-4601.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4601
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
    and video chat requests (LP: #958208)
    - debian/patches/CVE-2011-4602.patch: Validate fields in incoming voice
      and video chat requests. Based on upstream patch.
    - CVE-2011-4602
  * SECURITY UPDATE: Remote denial of service via specially crafted SILC
    messages (LP: #958208)
    - debian/patches/CVE-2011-4603.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4603
  * SECURITY UPDATE: Remote denial of service via nickname changes in XMPP
    chat rooms (LP: #958208)
    - debian/patches/CVE-2011-4939.patch: Ensure pointer is non-NULL prior to
      dereferencing it. Based on upstream patch.
    - CVE-2011-4939
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    offline messages (LP: #958208)
    - debian/patches/CVE-2012-1178.patch: Convert incoming offline messages to
      UTF-8 if they are not already UTF-8. Based on upstream patch.
    - CVE-2012-1178
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP file
    transfer requests (LP: #996691)
    - debian/patches/CVE-2012-2214.patch: Properly tear down SOCKS5
      connection attempts. Based on upstream patch.
    - CVE-2012-2214
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374
 -- Tyler Hicks <email address hidden>   Sun, 08 Jul 2012 18:14:21 -0500

Upload details

Uploaded by:
Tyler Hicks on 2012-07-09
Uploaded to:
Oneiric
Original maintainer:
Ubuntu Developers
Component:
main
Architectures:
any
Section:
net
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
pidgin_2.10.0.orig.tar.bz2 9.5 MiB e1453c9093c4f32beec19abd14069a3f
pidgin_2.10.0-0ubuntu2.1.debian.tar.gz 71.9 KiB dbef5af1c804c9246c712d7cb7b0957f
pidgin_2.10.0-0ubuntu2.1.dsc 2.6 KiB a98c3094412d06bdceaa6fb9d421779c

View changes file

Binary packages built by this source

finch: No summary available for finch in ubuntu oneiric.

No description available for finch in ubuntu oneiric.

finch-dev: No summary available for finch-dev in ubuntu oneiric.

No description available for finch-dev in ubuntu oneiric.

libpurple-bin: No summary available for libpurple-bin in ubuntu oneiric.

No description available for libpurple-bin in ubuntu oneiric.

libpurple-dev: No summary available for libpurple-dev in ubuntu oneiric.

No description available for libpurple-dev in ubuntu oneiric.

libpurple0: No summary available for libpurple0 in ubuntu oneiric.

No description available for libpurple0 in ubuntu oneiric.

pidgin: No summary available for pidgin in ubuntu oneiric.

No description available for pidgin in ubuntu oneiric.

pidgin-data: No summary available for pidgin-data in ubuntu oneiric.

No description available for pidgin-data in ubuntu oneiric.

pidgin-dbg: No summary available for pidgin-dbg in ubuntu oneiric.

No description available for pidgin-dbg in ubuntu oneiric.

pidgin-dev: No summary available for pidgin-dev in ubuntu oneiric.

No description available for pidgin-dev in ubuntu oneiric.