pidgin 1:2.10.3-0ubuntu1.4 source package in Ubuntu
Changelog
pidgin (1:2.10.3-0ubuntu1.4) precise-security; urgency=medium * SECURITY UPDATE: remote crash in yahoo via incorrect char encoding - debian/patches/CVE-2012-6152.patch: validate strings as utf-8 before parsing in libpurple/protocols/yahoo/{libymsg,yahoo_aliases, yahoo_filexfer,yahoo_friend,yahoo_picture,yahoochat}.c. - CVE-2012-6152 * SECURITY UPDATE: crash via bad XMPP timestamp - debian/patches/CVE-2013-6477.patch: properly handle invalid timestamps in libpurple/{conversation,log,server}.c. - CVE-2013-6477 * SECURITY UPDATE: crash via hovering pointer over long URL - debian/patches/CVE-2013-6478.patch: set max lengths in pidgin/gtkimhtml.c. - CVE-2013-6478 * SECURITY UPDATE: remote crash via HTTP response parsing - debian/patches/CVE-2013-6479.patch: don't implicitly trust Content-Length in libpurple/util.c. - CVE-2013-6479 * SECURITY UPDATE: remote crash via yahoo P2P message - debian/patches/CVE-2013-6481.patch: perform bounds checking in libpurple/protocols/yahoo/libymsg.c. - CVE-2013-6481 * SECURITY UPDATE: crashes via MSN NULL pointer dereferences - debian/patches/CVE-2013-6482.patch: fix NULL pointers in libpurple/protocols/msn/{msg,oim,soap}.c. - CVE-2013-6482 * SECURITY UPDATE: iq reply spoofing via incorrect from verification - debian/patches/CVE-2013-6483.patch: verify from field on iq replies in libpurple/protocols/jabber/{iq.*,jabber.c,jutil.*}. - CVE-2013-6483 * SECURITY UPDATE: crash via response from STUN server - debian/patches/CVE-2013-6484.patch: validate len in libpurple/stun.c. - CVE-2013-6484 * SECURITY UPDATE: buffer overflow in chunked HTTP response parsing - debian/patches/CVE-2013-6485.patch: limit chunk size in libpurple/util.c. - CVE-2013-6485 * SECURITY UPDATE: buffer overflow in gadu-gadu HTTP parsing - debian/patches/CVE-2013-6487.patch: limit length in libpurple/protocols/gg/lib/http.c. - CVE-2013-6487 * SECURITY UPDATE: buffer overflow in MXit emoticon parsing - debian/patches/CVE-2013-6489.patch: check return code in libpurple/protocols/mxit/markup.c. - CVE-2013-6489 * SECURITY UPDATE: buffer overflow in SIMPLE header parsing - debian/patches/CVE-2013-6490.patch: use g_new in libpurple/protocols/simple/simple.c and check length in libpurple/protocols/simple/sipmsg.c. - CVE-2013-6490 * SECURITY UPDATE: crash via IRC argument parsing - debian/patches/CVE-2014-0020.patch: fix arg handling in libpurple/protocols/irc/msgs.c, fix counts in libpurple/protocols/irc/parse.c. - CVE-2014-0020 -- Marc Deslauriers <email address hidden> Wed, 05 Feb 2014 15:58:24 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Precise
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
pidgin_2.10.3.orig.tar.bz2 | 9.5 MiB | 0f67d96231fea3945c2735e6a3b4bd92590ef489fa1511fa69aa6a543cb4168b |
pidgin_2.10.3-0ubuntu1.4.debian.tar.gz | 97.2 KiB | 20130932346bb944141b6bfa6d3be9e7c1f5ddb81a61d21e6d62dab277a470e1 |
pidgin_2.10.3-0ubuntu1.4.dsc | 2.9 KiB | 6e7e14df9af790887647d2d9e787703b667565e26aa02304918a26caf0ee429a |
Available diffs
Binary packages built by this source
- finch: text-based multi-protocol instant messaging client
Finch is a text/console-based, modular instant messaging client capable of
using multiple networks at once. Currently supported are:
AIM/ICQ, Yahoo!, MSN, IRC, Jabber/XMPP/Google Talk, Napster, Zephyr, Gadu-Gadu,
Bonjour, Groupwise, Sametime, SIMPLE, MySpaceIM, and MXit.
.
Some extra packages are suggested to use increased functionality:
* libx11-6
- To use the Clipboard and/or Toaster plugins.
- finch-dev: text-based multi-protocol instant messaging client - development
This package contains the headers and other development files not included in
the main finch package. Install this if you wish to compile your own plugins,
or would like to compile programs that use the libgnt library.
- libpurple-bin: multi-protocol instant messaging library - extra utilities
This package contains the utilities not included in the main libpurple0
package. Currently included are: purple-remote, purple-send,
purple-send-async, and purple-url-handler.
- libpurple-dev: multi-protocol instant messaging library - development files
This package contains the headers and other development files not included in
the main libpurple0 package. Install this if you wish to compile your own
client-agnostic plugins, or would like to compile programs that use
libpurple.
- libpurple0: multi-protocol instant messaging library
libpurple is a library intended to be used by programmers seeking
to write an IM client that connects to many IM networks.
Currently supported are:
AIM/ICQ, Yahoo!, MSN, IRC, Jabber/XMPP/Google Talk, Napster, Zephyr, Gadu-Gadu,
Bonjour, Groupwise, Sametime, SIMPLE, MySpaceIM, and MXit.
.
Some extra packages are suggested to use increased functionality:
* tcl8.4, tk8.4:
- Support for writing plugins with Tcl/Tk
- pidgin: graphical multi-protocol instant messaging client for X
Pidgin is a graphical, modular instant messaging client capable of using
multiple networks at once. Currently supported are:
AIM/ICQ, Yahoo!, MSN, IRC, Jabber/XMPP/Google Talk, Napster, Zephyr, Gadu-Gadu,
Bonjour, Groupwise, Sametime, SIMPLE, MySpaceIM, and MXit.
.
Some extra packages are suggested to use increased functionality:
* gnome-panel | kdebase-workspace- bin | docker:
- To use the system tray icon functionality (minimizing to an icon, having
the icon blink when there are new messages, etc.)
* libsqlite3-0:
- To use Contact Availability Prediction plugin
- pidgin-data: multi-protocol instant messaging client - data files
This package contains architecture-
independent supporting data files
required for use with pidgin, such as documentation, icons, translations,
and sounds.
- pidgin-dbg: Debugging symbols for Pidgin
This package includes the debugging symbols useful for debugging Pidgin
and its plugins, contained in the pidgin package. The debugging symbols are
used for execution tracing and core dump analysis.
- pidgin-dev: multi-protocol instant messaging client - development files
This package contains the headers and other development files not included in
the main pidgin package. Install this if you wish to compile your own plugins.
.
If you are creating a pidgin plugin package, please be sure to read
/usr/share/doc/pidgin- dev/README. Debian. dev after installing pidgin-dev.