pidgin 1:2.4.1-1ubuntu2.2 source package in Ubuntu

Changelog

pidgin (1:2.4.1-1ubuntu2.2) hardy-security; urgency=low

  * SECURITY UPDATE: code execution via integer overflow in the MSN protocol
    handler (LP: #245770)
    - debian/patches/71_SECURITY_CVE-2008-2927.patch: fix
      msn_slplink_process_msg() in src/protocols/msn/slplink.c and src/
      protocols/msnp9/slplink.c by checking against maximum size G_MAXSIZE.
    - CVE-2008-2927
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - debian/patches/72_SECURITY_CVE-2008-2955.patch: change
      src/protocols/msn/[slplink.c,slpcall.*] to make sure xfer structure still
      exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: denial of service via resource exhaustion from arbitrary
    URL in UPnP functionality (LP: #245769)
    - debian/patches/73_SECURITY_CVE-2008-2957.patch: modified
      libpurple/[upnp.c,util.*] to add purple_util_fetch_url_request_len() in
      order to limit http downloads to 128k.
    - CVE-2008-2957
  * SECURITY UPDATE: man in the middle attack from lack of certificate
    validation in nss plugin (LP: #251304)
    - debian/patches/74_SECURITY_CVE-2008-3532.patch: modified
      libpurple/plugins/ssl/ssl-nss.c to add certificate validation code.
    - CVE-2008-3532

 -- Marc Deslauriers <email address hidden>   Thu, 20 Nov 2008 19:58:43 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2008-11-21
Uploaded to:
Hardy
Original maintainer:
Ubuntu Core Development Team
Component:
main
Architectures:
any
Section:
net
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
pidgin_2.4.1.orig.tar.gz 12.7 MiB 25e3593d5e6bfc17911111475a057778
pidgin_2.4.1-1ubuntu2.2.diff.gz 65.2 KiB 5928aa79ba1425f6171ff2498ed82c57
pidgin_2.4.1-1ubuntu2.2.dsc 1.5 KiB be09a810e567b6d5e9c0e699ea6f6d35

View changes file

Binary packages built by this source

finch: text-based multi-protocol instant messaging client

 Finch is a text/console-based, modular instant messaging client capable of
 using AIM/ICQ, Yahoo!, MSN, IRC, Jabber, Napster, Zephyr, Gadu-Gadu, Bonjour,
 Groupwise, Sametime, SILC, and SIMPLE all at once.
 .
 Some extra packages are recommended to use the core functionality present
 in most finch installations:
  * gstreamer0.10-plugins-base, gstreamer0.10-plugins-good
    - Sound support.

finch-dev: text-based multi-protocol instant messaging client - development

 This package contains the headers and other development files not included in
 the main finch package. Install this if you wish to compile your own plugins,
 or would like to compile programs that use the libgnt library.

gaim: transitional package to Pidgin

 This dummy package is provided to smooth the upgrade from Gaim to Pidgin. It
 contains compatibility links from /usr/bin/gaim and related programs to the
 newly-named programs. If you no longer need these links, this package can be
 safely removed.

libpurple-bin: multi-protocol instant messaging library - extra utilities

 This package contains the utilities not included in the main libpurple0
 package. Currently included are: purple-remote, purple-send,
 purple-send-async, and purple-url-handler

libpurple-dev: multi-protocol instant messaging library - development files

 This package contains the headers and other development files not included in
 the main libpurple0 package. Install this if you wish to compile your own
 client-agnostic plugins, or would like to compile programs that use
 libpurple.

libpurple0: multi-protocol instant messaging library

 libpurple is a library intended to be used by programmers seeking
 to write an IM client that connects to many IM networks.
 Currently supported are: AIM/ICQ, Yahoo!, MSN, IRC, Jabber, Napster, Zephyr,
 Gadu-Gadu, Bonjour, Groupwise, Sametime, SILC, and SIMPLE.
 .
 Some extra packages are suggested to use increased functionality:
  * tcl8.4, tk8.4:
    - Support for writing plugins with Tcl/Tk

pidgin: graphical multi-protocol instant messaging client for X

 Pidgin is a graphical, modular Instant Messaging client capable of using
 AIM/ICQ, Yahoo!, MSN, IRC, Jabber, Napster, Zephyr, Gadu-Gadu, Bonjour,
 Groupwise, Sametime, SILC, and SIMPLE all at once.
 .
 Some extra packages are recommended to use the core functionality present
 in most pidgin installations:
  * gstreamer0.10-plugins-base, gstreamer0.10-plugins-good
    - Sound support.
 .
 More extra packages are suggested to use increased functionality:
  * gnome-panel | kicker | docker:
    - To use the system tray icon functionality (minimizing to an icon, having
      the icon blink when there are new messages, etc.)
  * evolution-data-server:
    - For interfacing with an Evolution address book
  * libsqlite3-0:
    - To use Contact Availability Prediction plugin

pidgin-data: multi-protocol instant messaging client - data files

 This package contains architecture-independent supporting data files
 required for use with pidgin, such as documentation, icons, translations,
 and sounds.

pidgin-dbg: Debugging symbols for Pidgin

 This package includes the debugging symbols useful for debugging Pidgin
 and its plugins, contained in the pidgin package. The debugging symbols are
 used for execution tracing and core dump analysis.

pidgin-dev: multi-protocol instant messaging client - development files

 This package contains the headers and other development files not included in
 the main pidgin package. Install this if you wish to compile your own plugins.
 .
 If you are creating a pidgin plugin package, please be sure to read
 /usr/share/doc/pidgin-dev/README.Debian.dev after installing pidgin-dev.