Ubuntu

“pidgin” 1:2.6.6-1ubuntu4.5 source package in Ubuntu

Changelog

pidgin (1:2.6.6-1ubuntu4.5) lucid-security; urgency=low

  * SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
    messages (LP: #958208)
    - debian/patches/98_CVE-2011-4601.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4601
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
    and video chat requests (LP: #958208)
    - debian/patches/98_CVE-2011-4602.patch: Validate fields in incoming voice
      and video chat requests. Based on upstream patch.
    - CVE-2011-4602
  * SECURITY UPDATE: Remote denial of service via specially crafted SILC
    messages (LP: #958208)
    - debian/patches/98_CVE-2011-4603.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4603
  * SECURITY UPDATE: Information disclosure
    - debian/patches/98_CVE-2011-4922.patch: Properly clear memory regions
      when freeing memory containing security-sensitive data. Based on
      upstream patch.
    - CVE-2011-4922
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    offline messages (LP: #958208)
    - debian/patches/98_CVE-2012-1178.patch: Convert incoming offline messages
      to UTF-8 if they are not already UTF-8. Based on upstream patch.
    - CVE-2012-1178
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/98_CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/98_CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374
 -- Tyler Hicks <email address hidden>   Sun, 08 Jul 2012 18:14:21 -0500

Upload details

Uploaded by:
Tyler Hicks on 2012-07-09
Uploaded to:
Lucid
Original maintainer:
Ubuntu Desktop
Component:
main
Architectures:
any
Section:
net
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
pidgin_2.6.6.orig.tar.bz2 9.0 MiB b37ab6c52db8355e8c70c044c2ba17c1
pidgin_2.6.6-1ubuntu4.5.debian.tar.gz 82.5 KiB a1f1284aa61bff4ed7cbfb71afcdb039
pidgin_2.6.6-1ubuntu4.5.dsc 2.7 KiB 71fe650574e7d63dd6bda6ff359a51e0

Binary packages built by this source

finch: text-based multi-protocol instant messaging client

 Finch is a text/console-based, modular instant messaging client capable of
 using AIM/ICQ, Yahoo!, MSN, IRC, Jabber/XMPP, Napster, Zephyr, Gadu-Gadu,
 Bonjour, Groupwise, Sametime, SILC, SIMPLE, QQ, and MySpaceIM all at once.
 .
 Some extra packages are suggested to use increased functionality:
  * libx11-6
    - To use the Clipboard and/or Toaster plugins.

finch-dev: text-based multi-protocol instant messaging client - development

 This package contains the headers and other development files not included in
 the main finch package. Install this if you wish to compile your own plugins,
 or would like to compile programs that use the libgnt library.

libpurple-bin: multi-protocol instant messaging library - extra utilities

 This package contains the utilities not included in the main libpurple0
 package. Currently included are: purple-remote, purple-send,
 purple-send-async, and purple-url-handler,

libpurple-dev: multi-protocol instant messaging library - development files

 This package contains the headers and other development files not included in
 the main libpurple0 package. Install this if you wish to compile your own
 client-agnostic plugins, or would like to compile programs that use
 libpurple.

libpurple0: multi-protocol instant messaging library

 libpurple is a library intended to be used by programmers seeking
 to write an IM client that connects to many IM networks.
 Currently supported are:
 AIM/ICQ, Yahoo!, MSN, IRC, Jabber/XMPP, Napster, Zephyr, Gadu-Gadu, Bonjour,
 Groupwise, Sametime, SILC, SIMPLE, QQ, and MySpaceIM.
 .
 Some extra packages are suggested to use increased functionality:
  * tcl8.4, tk8.4:
    - Support for writing plugins with Tcl/Tk

pidgin: graphical multi-protocol instant messaging client for X

 Pidgin is a graphical, modular Instant Messaging client capable of using
 AIM/ICQ, Yahoo!, MSN, IRC, Jabber/XMPP, Napster, Zephyr, Gadu-Gadu, Bonjour,
 Groupwise, Sametime, SILC, SIMPLE, QQ, and MySpaceIM all at once.
 .
 Some extra packages are suggested to use increased functionality:
  * gnome-panel | kdebase-workspace-bin | docker:
    - To use the system tray icon functionality (minimizing to an icon, having
      the icon blink when there are new messages, etc.)
  * evolution-data-server:
    - For interfacing with an Evolution address book
  * libsqlite3-0:
    - To use Contact Availability Prediction plugin

pidgin-data: multi-protocol instant messaging client - data files

 This package contains architecture-independent supporting data files
 required for use with pidgin, such as documentation, icons, translations,
 and sounds.

pidgin-dbg: Debugging symbols for Pidgin

 This package includes the debugging symbols useful for debugging Pidgin
 and its plugins, contained in the pidgin package. The debugging symbols are
 used for execution tracing and core dump analysis.

pidgin-dev: multi-protocol instant messaging client - development files

 This package contains the headers and other development files not included in
 the main pidgin package. Install this if you wish to compile your own plugins.
 .
 If you are creating a pidgin plugin package, please be sure to read
 /usr/share/doc/pidgin-dev/README.Debian.dev after installing pidgin-dev.