-
pidgin (1:2.7.11-1ubuntu2.2) natty-security; urgency=low
* SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
messages (LP: #958208)
- debian/patches/CVE-2011-4601.patch: Validate incoming messages to
enforce proper UTF-8 encoding. Based on upstream patch.
- CVE-2011-4601
* SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
and video chat requests (LP: #958208)
- debian/patches/CVE-2011-4602.patch: Validate fields in incoming voice
and video chat requests. Based on upstream patch.
- CVE-2011-4602
* SECURITY UPDATE: Remote denial of service via specially crafted SILC
messages (LP: #958208)
- debian/patches/CVE-2011-4603.patch: Validate incoming messages to
enforce proper UTF-8 encoding. Based on upstream patch.
- CVE-2011-4603
* SECURITY UPDATE: Remote denial of service via specially crafted MSN
offline messages (LP: #958208)
- debian/patches/CVE-2012-1178.patch: Convert incoming offline messages to
UTF-8 if they are not already UTF-8. Based on upstream patch.
- CVE-2012-1178
* SECURITY UPDATE: Remote denial of service via specially crafted MSN
messages (LP: #996691)
- debian/patches/CVE-2012-2318.patch: Convert incoming messages to UTF-8,
then validate the messages. Based on upstream patch.
- CVE-2012-2318
* SECURITY UPDATE: Remote denial of service via specially crafted MXit
messages (LP: #1022012)
- debian/patches/CVE-2012-3374.patch: Use dynamically allocated memory
instead of a fixed size buffer. Based on upstream patch.
- CVE-2012-3374
-- Tyler Hicks <email address hidden> Sun, 08 Jul 2012 18:14:21 -0500
-
pidgin (1:2.7.11-1ubuntu2.1) natty-security; urgency=low
* SECURITY UPDATE: denial of service in MSN protocol via HTTP 100
response size
- debian/patches/70_CVE-2011-3184.patch: properly calculate size in
libpurple/protocols/msn/httpconn.c.
- CVE-2011-3184
* SECURITY UPDATE: denial of service in SILC protocol via invalid UTF-8
sequence
- debian/patches/71_CVE-2011-3594.patch: properly handle utf-8 in
libpurple/protocols/silc/ops.c.
- CVE-2011-3594
-- Marc Deslauriers <email address hidden> Fri, 18 Nov 2011 14:25:23 -0500
-
pidgin (1:2.7.11-1ubuntu2) natty; urgency=low
* Symbols were removed from libpurple-client.so.0 and are now only found in
libpurple.so.0 (LP: #757311)
- update debian/libpurple0.symbols
-- Micah Gersten <email address hidden> Mon, 11 Apr 2011 04:31:49 -0500
-
pidgin (1:2.7.11-1ubuntu1) natty; urgency=low
* Merge from Debian unstable (LP: #757146), remaining changes:
+ debian/control:
- Add libtool and liblaunchpad-integration-dev build depends
- Bump standards version
- Relax binary depends on pidgin versions
- Add pidgin-libnotify as Recommends for pidgin binary
- Fix description of pidgin binary
- Don't have libpurple-bin depend on libpurple0
+ debian/libpurple0.symbols: add epoch to appropriate symbols
+ Add debian/patches:
- 02_lpi.patch
- 04_let_crasher_for_apport.patch
- 05_default_to_irc_ubuntu_com.patch
- 10_docklet_default_off.patch
- 11_buddy_list_really_show.patch
- 13_sounds_and_timers.patch
- 60_1024x600_gtkpounce.c.patch
- 60_1024x600_gtkprefs.c.patch
+ debian/prefs.xml: add notification prefs
+ debian/rules:
- Add translation domain to desktop file with gettext
- Add the launcher for pidgin
* Add configure check for launchpad integration attached to the gtk check since
upstream dropped the startup notification check which is where this check was
previously
- update debian/patches/02_lpi.patch
pidgin (2.7.11-1) unstable; urgency=high
* Imported Upstream version 2.7.11
- fixes a crash in Voice/Video settings plugin (Closes: #611678)
- fixes a remote DoS in Yahoo protocol (CVE-2011-1091)
pidgin (2.7.9-2) unstable; urgency=low
* Remove old Replaces/Conflicts
* pidgin-data now Breaks/Replaces pidgin-facebookchat since we now
provide facebook.png (Closes: #608685)
-- Micah Gersten <email address hidden> Mon, 11 Apr 2011 03:27:22 -0500
-
pidgin (1:2.7.9-1ubuntu2) natty; urgency=low
* debian/control: Have pidgin-data Replaces: pidgin-facebookchat, as they
both ship the same icon. (LP: #697097)
-- Martin Pitt <email address hidden> Sun, 09 Jan 2011 06:30:48 -0600
-
pidgin (1:2.7.9-1ubuntu1) natty; urgency=low
* Resynchronize on Debian
-- Sebastien Bacher <email address hidden> Mon, 03 Jan 2011 16:36:53 +0100
-
pidgin (1:2.7.7-1ubuntu1) natty; urgency=low
* New upstream version, drop msn workaround
pidgin (2.7.7-1) unstable; urgency=low
* Imported Upstream version 2.7.7
pidgin (2.7.6-1) unstable; urgency=low
* Imported Upstream version 2.7.6
- Adds new MSN SSL certificates (Closes: #603911)
* Call dh_perl with -d to avoid Perl dependency. (Closes: #602928)
- thanks to Martin Pitt
-- Sebastien Bacher <email address hidden> Thu, 02 Dec 2010 16:45:52 +0100
-
pidgin (1:2.7.5-1ubuntu3) natty; urgency=low
* debian/patches/13_sounds_and_timers.patch: Squash debian-changes-*
patch onto this one, was presumably split up by accident
* debian/patches/workaround-msn-ssl-failure.patch: Workaround SSL
connectivity issues with MSN (LP: #676972)
-- Chow Loong Jin <email address hidden> Fri, 19 Nov 2010 20:49:42 +0800
-
pidgin (1:2.7.5-1ubuntu2) natty; urgency=low
* debian/rules: Call dh_perl with -d to avoid Perl dependency. The shipped
perl module only uses modules from perl-base.
-- Martin Pitt <email address hidden> Tue, 09 Nov 2010 14:02:05 +0100
-
pidgin (1:2.7.5-1ubuntu1) natty; urgency=low
* Resync on Debian
pidgin (2.7.5-1) unstable; urgency=low
* Imported Upstream version 2.7.5
- Fixes AIM/ICQ regressions (Closes: #602541)
pidgin (2.7.4-2) unstable; urgency=low
* Add libgadu_version.patch
- change minimum version for libgadu (Closes: #600969)
* Update version of libgadu-dev build-dependency
-- Sebastien Bacher <email address hidden> Fri, 05 Nov 2010 19:44:21 +0100
-
pidgin (1:2.7.3-1ubuntu3) maverick; urgency=low
* Include upstream bugfix (bug 12629) for Bonjour support (LP: #641344)
-- Stephane Graber <email address hidden> Tue, 21 Sep 2010 08:31:16 -0400
