Ubuntu

“pidgin” 1:2.4.1-1ubuntu2.2 source package in The Hardy Heron

Publishing history

1:2.4.1-1ubuntu2.2
SUPERSEDED: Hardy pocket Updates in component main and section net
  • Removed from disk on 2009-06-04.
  • Removal requested on 2009-03-12.
  • Superseded on 2009-03-11 by pidgin - 1:2.4.1-1ubuntu2.3
  • Published on 2008-11-24
  • Copied from ubuntu hardy in Private PPA for Ubuntu Security Team
1:2.4.1-1ubuntu2.2
SUPERSEDED: Hardy pocket Security in component main and section net
  • Removed from disk on 2009-06-04.
  • Removal requested on 2009-06-04.
  • Superseded on 2009-06-03 by pidgin - 1:2.4.1-1ubuntu2.4
  • Published on 2008-11-24
  • Copied from ubuntu hardy in Private PPA for Ubuntu Security Team

Builds

Changelog

pidgin (1:2.4.1-1ubuntu2.2) hardy-security; urgency=low

  * SECURITY UPDATE: code execution via integer overflow in the MSN protocol
    handler (LP: #245770)
    - debian/patches/71_SECURITY_CVE-2008-2927.patch: fix
      msn_slplink_process_msg() in src/protocols/msn/slplink.c and src/
      protocols/msnp9/slplink.c by checking against maximum size G_MAXSIZE.
    - CVE-2008-2927
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - debian/patches/72_SECURITY_CVE-2008-2955.patch: change
      src/protocols/msn/[slplink.c,slpcall.*] to make sure xfer structure still
      exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: denial of service via resource exhaustion from arbitrary
    URL in UPnP functionality (LP: #245769)
    - debian/patches/73_SECURITY_CVE-2008-2957.patch: modified
      libpurple/[upnp.c,util.*] to add purple_util_fetch_url_request_len() in
      order to limit http downloads to 128k.
    - CVE-2008-2957
  * SECURITY UPDATE: man in the middle attack from lack of certificate
    validation in nss plugin (LP: #251304)
    - debian/patches/74_SECURITY_CVE-2008-3532.patch: modified
      libpurple/plugins/ssl/ssl-nss.c to add certificate validation code.
    - CVE-2008-3532

 -- Marc Deslauriers <email address hidden>   Thu, 20 Nov 2008 19:58:43 -0500