pidgin 1:2.10.3-0ubuntu1.4 source package in Ubuntu

Changelog

pidgin (1:2.10.3-0ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: remote crash in yahoo via incorrect char encoding
    - debian/patches/CVE-2012-6152.patch: validate strings as utf-8
      before parsing in libpurple/protocols/yahoo/{libymsg,yahoo_aliases,
      yahoo_filexfer,yahoo_friend,yahoo_picture,yahoochat}.c.
    - CVE-2012-6152
  * SECURITY UPDATE: crash via bad XMPP timestamp
    - debian/patches/CVE-2013-6477.patch: properly handle invalid
      timestamps in libpurple/{conversation,log,server}.c.
    - CVE-2013-6477
  * SECURITY UPDATE: crash via hovering pointer over long URL
    - debian/patches/CVE-2013-6478.patch: set max lengths in
      pidgin/gtkimhtml.c.
    - CVE-2013-6478
  * SECURITY UPDATE: remote crash via HTTP response parsing
    - debian/patches/CVE-2013-6479.patch: don't implicitly trust
      Content-Length in libpurple/util.c.
    - CVE-2013-6479
  * SECURITY UPDATE: remote crash via yahoo P2P message
    - debian/patches/CVE-2013-6481.patch: perform bounds checking in
      libpurple/protocols/yahoo/libymsg.c.
    - CVE-2013-6481
  * SECURITY UPDATE: crashes via MSN NULL pointer dereferences
    - debian/patches/CVE-2013-6482.patch: fix NULL pointers in
      libpurple/protocols/msn/{msg,oim,soap}.c.
    - CVE-2013-6482
  * SECURITY UPDATE: iq reply spoofing via incorrect from verification
    - debian/patches/CVE-2013-6483.patch: verify from field on iq replies
      in libpurple/protocols/jabber/{iq.*,jabber.c,jutil.*}.
    - CVE-2013-6483
  * SECURITY UPDATE: crash via response from STUN server
    - debian/patches/CVE-2013-6484.patch: validate len in libpurple/stun.c.
    - CVE-2013-6484
  * SECURITY UPDATE: buffer overflow in chunked HTTP response parsing
    - debian/patches/CVE-2013-6485.patch: limit chunk size in
      libpurple/util.c.
    - CVE-2013-6485
  * SECURITY UPDATE: buffer overflow in gadu-gadu HTTP parsing
    - debian/patches/CVE-2013-6487.patch: limit length in
      libpurple/protocols/gg/lib/http.c.
    - CVE-2013-6487
  * SECURITY UPDATE: buffer overflow in MXit emoticon parsing
    - debian/patches/CVE-2013-6489.patch: check return code in
      libpurple/protocols/mxit/markup.c.
    - CVE-2013-6489
  * SECURITY UPDATE: buffer overflow in SIMPLE header parsing
    - debian/patches/CVE-2013-6490.patch: use g_new in
      libpurple/protocols/simple/simple.c and check length in
      libpurple/protocols/simple/sipmsg.c.
    - CVE-2013-6490
  * SECURITY UPDATE: crash via IRC argument parsing
    - debian/patches/CVE-2014-0020.patch: fix arg handling in
      libpurple/protocols/irc/msgs.c, fix counts in
      libpurple/protocols/irc/parse.c.
    - CVE-2014-0020
 -- Marc Deslauriers <email address hidden>   Wed, 05 Feb 2014 15:58:24 -0500

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Precise
Original maintainer: Ubuntu Developers
Architectures: any all
Section: net
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
pidgin_2.10.3.orig.tar.bz2 9.5 MiB 0f67d96231fea3945c2735e6a3b4bd92590ef489fa1511fa69aa6a543cb4168b
pidgin_2.10.3-0ubuntu1.4.debian.tar.gz 97.2 KiB 20130932346bb944141b6bfa6d3be9e7c1f5ddb81a61d21e6d62dab277a470e1
pidgin_2.10.3-0ubuntu1.4.dsc 2.9 KiB 6e7e14df9af790887647d2d9e787703b667565e26aa02304918a26caf0ee429a

Binary packages built by this source

finch: text-based multi-protocol instant messaging client

 Finch is a text/console-based, modular instant messaging client capable of
 using multiple networks at once. Currently supported are:
 AIM/ICQ, Yahoo!, MSN, IRC, Jabber/XMPP/Google Talk, Napster, Zephyr, Gadu-Gadu,
 Bonjour, Groupwise, Sametime, SIMPLE, MySpaceIM, and MXit.

 Some extra packages are suggested to use increased functionality:
  * libx11-6
    - To use the Clipboard and/or Toaster plugins.

finch-dev: text-based multi-protocol instant messaging client - development

 This package contains the headers and other development files not included in
 the main finch package. Install this if you wish to compile your own plugins,
 or would like to compile programs that use the libgnt library.

libpurple-bin: multi-protocol instant messaging library - extra utilities

 This package contains the utilities not included in the main libpurple0
 package. Currently included are: purple-remote, purple-send,
 purple-send-async, and purple-url-handler.

libpurple-dev: multi-protocol instant messaging library - development files

 This package contains the headers and other development files not included in
 the main libpurple0 package. Install this if you wish to compile your own
 client-agnostic plugins, or would like to compile programs that use
 libpurple.

libpurple0: multi-protocol instant messaging library

 libpurple is a library intended to be used by programmers seeking
 to write an IM client that connects to many IM networks.
 Currently supported are:
 AIM/ICQ, Yahoo!, MSN, IRC, Jabber/XMPP/Google Talk, Napster, Zephyr, Gadu-Gadu,
 Bonjour, Groupwise, Sametime, SIMPLE, MySpaceIM, and MXit.

 Some extra packages are suggested to use increased functionality:
  * tcl8.4, tk8.4:
    - Support for writing plugins with Tcl/Tk

pidgin: graphical multi-protocol instant messaging client for X

 Pidgin is a graphical, modular instant messaging client capable of using
 multiple networks at once. Currently supported are:
 AIM/ICQ, Yahoo!, MSN, IRC, Jabber/XMPP/Google Talk, Napster, Zephyr, Gadu-Gadu,
 Bonjour, Groupwise, Sametime, SIMPLE, MySpaceIM, and MXit.

 Some extra packages are suggested to use increased functionality:
  * gnome-panel | kdebase-workspace-bin | docker:
    - To use the system tray icon functionality (minimizing to an icon, having
      the icon blink when there are new messages, etc.)
  * libsqlite3-0:
    - To use Contact Availability Prediction plugin

pidgin-data: multi-protocol instant messaging client - data files

 This package contains architecture-independent supporting data files
 required for use with pidgin, such as documentation, icons, translations,
 and sounds.

pidgin-dbg: Debugging symbols for Pidgin

 This package includes the debugging symbols useful for debugging Pidgin
 and its plugins, contained in the pidgin package. The debugging symbols are
 used for execution tracing and core dump analysis.

pidgin-dev: multi-protocol instant messaging client - development files

 This package contains the headers and other development files not included in
 the main pidgin package. Install this if you wish to compile your own plugins.

 If you are creating a pidgin plugin package, please be sure to read
 /usr/share/doc/pidgin-dev/README.Debian.dev after installing pidgin-dev.