pidgin 1:2.6.6-1ubuntu4.5 source package in Ubuntu

Changelog

pidgin (1:2.6.6-1ubuntu4.5) lucid-security; urgency=low

  * SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
    messages (LP: #958208)
    - debian/patches/98_CVE-2011-4601.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4601
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
    and video chat requests (LP: #958208)
    - debian/patches/98_CVE-2011-4602.patch: Validate fields in incoming voice
      and video chat requests. Based on upstream patch.
    - CVE-2011-4602
  * SECURITY UPDATE: Remote denial of service via specially crafted SILC
    messages (LP: #958208)
    - debian/patches/98_CVE-2011-4603.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4603
  * SECURITY UPDATE: Information disclosure
    - debian/patches/98_CVE-2011-4922.patch: Properly clear memory regions
      when freeing memory containing security-sensitive data. Based on
      upstream patch.
    - CVE-2011-4922
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    offline messages (LP: #958208)
    - debian/patches/98_CVE-2012-1178.patch: Convert incoming offline messages
      to UTF-8 if they are not already UTF-8. Based on upstream patch.
    - CVE-2012-1178
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/98_CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/98_CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374
 -- Tyler Hicks <email address hidden>   Sun, 08 Jul 2012 18:14:21 -0500

Upload details

Uploaded by:
Tyler Hicks on 2012-07-09
Uploaded to:
Lucid
Original maintainer:
Ubuntu Desktop
Architectures:
any
Section:
net
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
pidgin_2.6.6.orig.tar.bz2 9.0 MiB 6ebbe9d339246dfebb244e4c855c4feb678f120d1024ef2ee269e2fde77b2ad9
pidgin_2.6.6-1ubuntu4.5.debian.tar.gz 82.5 KiB 3a4971555df31fee2c51fe31704f7a1e979c8580605a71d206ae1bd15dab3c38
pidgin_2.6.6-1ubuntu4.5.dsc 2.7 KiB 152daefdb965a9e29f21e683edfcdd4a988a9f5aa7ebef4b865b8ef999a1725a

View changes file

Binary packages built by this source

finch: text-based multi-protocol instant messaging client

 Finch is a text/console-based, modular instant messaging client capable of
 using AIM/ICQ, Yahoo!, MSN, IRC, Jabber/XMPP, Napster, Zephyr, Gadu-Gadu,
 Bonjour, Groupwise, Sametime, SILC, SIMPLE, QQ, and MySpaceIM all at once.
 .
 Some extra packages are suggested to use increased functionality:
  * libx11-6
    - To use the Clipboard and/or Toaster plugins.

finch-dev: text-based multi-protocol instant messaging client - development

 This package contains the headers and other development files not included in
 the main finch package. Install this if you wish to compile your own plugins,
 or would like to compile programs that use the libgnt library.

libpurple-bin: multi-protocol instant messaging library - extra utilities

 This package contains the utilities not included in the main libpurple0
 package. Currently included are: purple-remote, purple-send,
 purple-send-async, and purple-url-handler,

libpurple-dev: multi-protocol instant messaging library - development files

 This package contains the headers and other development files not included in
 the main libpurple0 package. Install this if you wish to compile your own
 client-agnostic plugins, or would like to compile programs that use
 libpurple.

libpurple0: multi-protocol instant messaging library

 libpurple is a library intended to be used by programmers seeking
 to write an IM client that connects to many IM networks.
 Currently supported are:
 AIM/ICQ, Yahoo!, MSN, IRC, Jabber/XMPP, Napster, Zephyr, Gadu-Gadu, Bonjour,
 Groupwise, Sametime, SILC, SIMPLE, QQ, and MySpaceIM.
 .
 Some extra packages are suggested to use increased functionality:
  * tcl8.4, tk8.4:
    - Support for writing plugins with Tcl/Tk

pidgin: graphical multi-protocol instant messaging client for X

 Pidgin is a graphical, modular Instant Messaging client capable of using
 AIM/ICQ, Yahoo!, MSN, IRC, Jabber/XMPP, Napster, Zephyr, Gadu-Gadu, Bonjour,
 Groupwise, Sametime, SILC, SIMPLE, QQ, and MySpaceIM all at once.
 .
 Some extra packages are suggested to use increased functionality:
  * gnome-panel | kdebase-workspace-bin | docker:
    - To use the system tray icon functionality (minimizing to an icon, having
      the icon blink when there are new messages, etc.)
  * evolution-data-server:
    - For interfacing with an Evolution address book
  * libsqlite3-0:
    - To use Contact Availability Prediction plugin

pidgin-data: multi-protocol instant messaging client - data files

 This package contains architecture-independent supporting data files
 required for use with pidgin, such as documentation, icons, translations,
 and sounds.

pidgin-dbg: Debugging symbols for Pidgin

 This package includes the debugging symbols useful for debugging Pidgin
 and its plugins, contained in the pidgin package. The debugging symbols are
 used for execution tracing and core dump analysis.

pidgin-dev: multi-protocol instant messaging client - development files

 This package contains the headers and other development files not included in
 the main pidgin package. Install this if you wish to compile your own plugins.
 .
 If you are creating a pidgin plugin package, please be sure to read
 /usr/share/doc/pidgin-dev/README.Debian.dev after installing pidgin-dev.