pidgin 1:2.6.6-1ubuntu4.5 source package in Ubuntu

Changelog

pidgin (1:2.6.6-1ubuntu4.5) lucid-security; urgency=low

  * SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
    messages (LP: #958208)
    - debian/patches/98_CVE-2011-4601.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4601
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
    and video chat requests (LP: #958208)
    - debian/patches/98_CVE-2011-4602.patch: Validate fields in incoming voice
      and video chat requests. Based on upstream patch.
    - CVE-2011-4602
  * SECURITY UPDATE: Remote denial of service via specially crafted SILC
    messages (LP: #958208)
    - debian/patches/98_CVE-2011-4603.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4603
  * SECURITY UPDATE: Information disclosure
    - debian/patches/98_CVE-2011-4922.patch: Properly clear memory regions
      when freeing memory containing security-sensitive data. Based on
      upstream patch.
    - CVE-2011-4922
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    offline messages (LP: #958208)
    - debian/patches/98_CVE-2012-1178.patch: Convert incoming offline messages
      to UTF-8 if they are not already UTF-8. Based on upstream patch.
    - CVE-2012-1178
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/98_CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/98_CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374
 -- Tyler Hicks <email address hidden>   Sun, 08 Jul 2012 18:14:21 -0500

Upload details

Uploaded by:
Tyler Hicks on 2012-07-09
Uploaded to:
Lucid
Original maintainer:
Ubuntu Desktop
Architectures:
any
Section:
net
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
pidgin_2.6.6.orig.tar.bz2 9.0 MiB 6ebbe9d339246dfebb244e4c855c4feb678f120d1024ef2ee269e2fde77b2ad9
pidgin_2.6.6-1ubuntu4.5.debian.tar.gz 82.5 KiB 3a4971555df31fee2c51fe31704f7a1e979c8580605a71d206ae1bd15dab3c38
pidgin_2.6.6-1ubuntu4.5.dsc 2.7 KiB 152daefdb965a9e29f21e683edfcdd4a988a9f5aa7ebef4b865b8ef999a1725a

View changes file

Binary packages built by this source

finch: No summary available for finch in ubuntu lucid.

No description available for finch in ubuntu lucid.

finch-dev: No summary available for finch-dev in ubuntu lucid.

No description available for finch-dev in ubuntu lucid.

libpurple-bin: No summary available for libpurple-bin in ubuntu lucid.

No description available for libpurple-bin in ubuntu lucid.

libpurple-dev: No summary available for libpurple-dev in ubuntu lucid.

No description available for libpurple-dev in ubuntu lucid.

libpurple0: No summary available for libpurple0 in ubuntu lucid.

No description available for libpurple0 in ubuntu lucid.

pidgin: No summary available for pidgin in ubuntu lucid.

No description available for pidgin in ubuntu lucid.

pidgin-data: No summary available for pidgin-data in ubuntu lucid.

No description available for pidgin-data in ubuntu lucid.

pidgin-dbg: No summary available for pidgin-dbg in ubuntu lucid.

No description available for pidgin-dbg in ubuntu lucid.

pidgin-dev: No summary available for pidgin-dev in ubuntu lucid.

No description available for pidgin-dev in ubuntu lucid.