pidgin 1:2.10.6-0ubuntu2.3 source package in Ubuntu

Changelog

pidgin (1:2.10.6-0ubuntu2.3) quantal-security; urgency=medium

  * SECURITY UPDATE: remote crash in yahoo via incorrect char encoding
    - debian/patches/CVE-2012-6152.patch: validate strings as utf-8
      before parsing in libpurple/protocols/yahoo/{libymsg,yahoo_aliases,
      yahoo_filexfer,yahoo_friend,yahoo_picture,yahoochat}.c.
    - CVE-2012-6152
  * SECURITY UPDATE: crash via bad XMPP timestamp
    - debian/patches/CVE-2013-6477.patch: properly handle invalid
      timestamps in libpurple/{conversation,log,server}.c.
    - CVE-2013-6477
  * SECURITY UPDATE: crash via hovering pointer over long URL
    - debian/patches/CVE-2013-6478.patch: set max lengths in
      pidgin/gtkimhtml.c.
    - CVE-2013-6478
  * SECURITY UPDATE: remote crash via HTTP response parsing
    - debian/patches/CVE-2013-6479.patch: don't implicitly trust
      Content-Length in libpurple/util.c.
    - CVE-2013-6479
  * SECURITY UPDATE: remote crash via yahoo P2P message
    - debian/patches/CVE-2013-6481.patch: perform bounds checking in
      libpurple/protocols/yahoo/libymsg.c.
    - CVE-2013-6481
  * SECURITY UPDATE: crashes via MSN NULL pointer dereferences
    - debian/patches/CVE-2013-6482.patch: fix NULL pointers in
      libpurple/protocols/msn/{msg,oim,soap}.c.
    - CVE-2013-6482
  * SECURITY UPDATE: iq reply spoofing via incorrect from verification
    - debian/patches/CVE-2013-6483.patch: verify from field on iq replies
      in libpurple/protocols/jabber/{iq.*,jabber.c,jutil.*}.
    - CVE-2013-6483
  * SECURITY UPDATE: crash via response from STUN server
    - debian/patches/CVE-2013-6484.patch: validate len in libpurple/stun.c.
    - CVE-2013-6484
  * SECURITY UPDATE: buffer overflow in chunked HTTP response parsing
    - debian/patches/CVE-2013-6485.patch: limit chunk size in
      libpurple/util.c.
    - CVE-2013-6485
  * SECURITY UPDATE: buffer overflow in gadu-gadu HTTP parsing
    - debian/patches/CVE-2013-6487.patch: limit length in
      libpurple/protocols/gg/lib/http.c.
    - CVE-2013-6487
  * SECURITY UPDATE: buffer overflow in MXit emoticon parsing
    - debian/patches/CVE-2013-6489.patch: check return code in
      libpurple/protocols/mxit/markup.c.
    - CVE-2013-6489
  * SECURITY UPDATE: buffer overflow in SIMPLE header parsing
    - debian/patches/CVE-2013-6490.patch: use g_new in
      libpurple/protocols/simple/simple.c and check length in
      libpurple/protocols/simple/sipmsg.c.
    - CVE-2013-6490
  * SECURITY UPDATE: crash via IRC argument parsing
    - debian/patches/CVE-2014-0020.patch: fix arg handling in
      libpurple/protocols/irc/msgs.c, fix counts in
      libpurple/protocols/irc/parse.c.
    - CVE-2014-0020
 -- Marc Deslauriers <email address hidden>   Wed, 05 Feb 2014 15:56:07 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2014-02-05
Uploaded to:
Quantal
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
pidgin_2.10.6.orig.tar.bz2 9.5 MiB 3e25a633b97cbfa8326999a30282e7a662a9b9bbf2853be84af0b8fb60392c96
pidgin_2.10.6-0ubuntu2.3.debian.tar.gz 89.9 KiB cae42bef8fadd31b14cb9e830c147f0605f026bc052055fa7b567eeff7e6546a
pidgin_2.10.6-0ubuntu2.3.dsc 2.8 KiB e69dd40cb6acfa0f9d947108443f3ef303e9a8b865fc348a7fcb237aadda2748

View changes file

Binary packages built by this source

finch: No summary available for finch in ubuntu quantal.

No description available for finch in ubuntu quantal.

finch-dev: No summary available for finch-dev in ubuntu quantal.

No description available for finch-dev in ubuntu quantal.

libpurple-bin: No summary available for libpurple-bin in ubuntu quantal.

No description available for libpurple-bin in ubuntu quantal.

libpurple-dev: No summary available for libpurple-dev in ubuntu quantal.

No description available for libpurple-dev in ubuntu quantal.

libpurple0: No summary available for libpurple0 in ubuntu quantal.

No description available for libpurple0 in ubuntu quantal.

pidgin: No summary available for pidgin in ubuntu quantal.

No description available for pidgin in ubuntu quantal.

pidgin-data: No summary available for pidgin-data in ubuntu quantal.

No description available for pidgin-data in ubuntu quantal.

pidgin-dbg: No summary available for pidgin-dbg in ubuntu quantal.

No description available for pidgin-dbg in ubuntu quantal.

pidgin-dev: No summary available for pidgin-dev in ubuntu quantal.

No description available for pidgin-dev in ubuntu quantal.