pidgin 1:2.4.1-1ubuntu2.2 source package in Ubuntu

Changelog

pidgin (1:2.4.1-1ubuntu2.2) hardy-security; urgency=low

  * SECURITY UPDATE: code execution via integer overflow in the MSN protocol
    handler (LP: #245770)
    - debian/patches/71_SECURITY_CVE-2008-2927.patch: fix
      msn_slplink_process_msg() in src/protocols/msn/slplink.c and src/
      protocols/msnp9/slplink.c by checking against maximum size G_MAXSIZE.
    - CVE-2008-2927
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - debian/patches/72_SECURITY_CVE-2008-2955.patch: change
      src/protocols/msn/[slplink.c,slpcall.*] to make sure xfer structure still
      exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: denial of service via resource exhaustion from arbitrary
    URL in UPnP functionality (LP: #245769)
    - debian/patches/73_SECURITY_CVE-2008-2957.patch: modified
      libpurple/[upnp.c,util.*] to add purple_util_fetch_url_request_len() in
      order to limit http downloads to 128k.
    - CVE-2008-2957
  * SECURITY UPDATE: man in the middle attack from lack of certificate
    validation in nss plugin (LP: #251304)
    - debian/patches/74_SECURITY_CVE-2008-3532.patch: modified
      libpurple/plugins/ssl/ssl-nss.c to add certificate validation code.
    - CVE-2008-3532

 -- Marc Deslauriers <email address hidden>   Thu, 20 Nov 2008 19:58:43 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2008-11-21
Uploaded to:
Hardy
Original maintainer:
Ubuntu Core Development Team
Component:
main
Architectures:
any
Section:
net
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
pidgin_2.4.1.orig.tar.gz 12.7 MiB 25e3593d5e6bfc17911111475a057778
pidgin_2.4.1-1ubuntu2.2.diff.gz 65.2 KiB 5928aa79ba1425f6171ff2498ed82c57
pidgin_2.4.1-1ubuntu2.2.dsc 1.5 KiB be09a810e567b6d5e9c0e699ea6f6d35

View changes file

Binary packages built by this source

finch: No summary available for finch in ubuntu hardy.

No description available for finch in ubuntu hardy.

finch-dev: No summary available for finch-dev in ubuntu hardy.

No description available for finch-dev in ubuntu hardy.

gaim: No summary available for gaim in ubuntu hardy.

No description available for gaim in ubuntu hardy.

libpurple-bin: No summary available for libpurple-bin in ubuntu hardy.

No description available for libpurple-bin in ubuntu hardy.

libpurple-dev: No summary available for libpurple-dev in ubuntu hardy.

No description available for libpurple-dev in ubuntu hardy.

libpurple0: No summary available for libpurple0 in ubuntu hardy.

No description available for libpurple0 in ubuntu hardy.

pidgin: No summary available for pidgin in ubuntu hardy.

No description available for pidgin in ubuntu hardy.

pidgin-data: No summary available for pidgin-data in ubuntu hardy.

No description available for pidgin-data in ubuntu hardy.

pidgin-dbg: No summary available for pidgin-dbg in ubuntu hardy.

No description available for pidgin-dbg in ubuntu hardy.

pidgin-dev: No summary available for pidgin-dev in ubuntu hardy.

No description available for pidgin-dev in ubuntu hardy.