pidgin 1:2.10.7-0ubuntu4.1.13.10.1 source package in Ubuntu
Changelog
pidgin (1:2.10.7-0ubuntu4.1.13.10.1) saucy-security; urgency=medium
* SECURITY UPDATE: remote crash in yahoo via incorrect char encoding
- debian/patches/CVE-2012-6152.patch: validate strings as utf-8
before parsing in libpurple/protocols/yahoo/{libymsg,yahoo_aliases,
yahoo_filexfer,yahoo_friend,yahoo_picture,yahoochat}.c.
- CVE-2012-6152
* SECURITY UPDATE: crash via bad XMPP timestamp
- debian/patches/CVE-2013-6477.patch: properly handle invalid
timestamps in libpurple/{conversation,log,server}.c.
- CVE-2013-6477
* SECURITY UPDATE: crash via hovering pointer over long URL
- debian/patches/CVE-2013-6478.patch: set max lengths in
pidgin/gtkimhtml.c.
- CVE-2013-6478
* SECURITY UPDATE: remote crash via HTTP response parsing
- debian/patches/CVE-2013-6479.patch: don't implicitly trust
Content-Length in libpurple/util.c.
- CVE-2013-6479
* SECURITY UPDATE: remote crash via yahoo P2P message
- debian/patches/CVE-2013-6481.patch: perform bounds checking in
libpurple/protocols/yahoo/libymsg.c.
- CVE-2013-6481
* SECURITY UPDATE: crashes via MSN NULL pointer dereferences
- debian/patches/CVE-2013-6482.patch: fix NULL pointers in
libpurple/protocols/msn/{msg,oim,soap}.c.
- CVE-2013-6482
* SECURITY UPDATE: iq reply spoofing via incorrect from verification
- debian/patches/CVE-2013-6483.patch: verify from field on iq replies
in libpurple/protocols/jabber/{iq.*,jabber.c,jutil.*}.
- CVE-2013-6483
* SECURITY UPDATE: crash via response from STUN server
- debian/patches/CVE-2013-6484.patch: validate len in libpurple/stun.c.
- CVE-2013-6484
* SECURITY UPDATE: buffer overflow in chunked HTTP response parsing
- debian/patches/CVE-2013-6485.patch: limit chunk size in
libpurple/util.c.
- CVE-2013-6485
* SECURITY UPDATE: buffer overflow in gadu-gadu HTTP parsing
- debian/patches/CVE-2013-6487.patch: limit length in
libpurple/protocols/gg/lib/http.c.
- CVE-2013-6487
* SECURITY UPDATE: buffer overflow in MXit emoticon parsing
- debian/patches/CVE-2013-6489.patch: check return code in
libpurple/protocols/mxit/markup.c.
- CVE-2013-6489
* SECURITY UPDATE: buffer overflow in SIMPLE header parsing
- debian/patches/CVE-2013-6490.patch: use g_new in
libpurple/protocols/simple/simple.c and check length in
libpurple/protocols/simple/sipmsg.c.
- CVE-2013-6490
* SECURITY UPDATE: crash via IRC argument parsing
- debian/patches/CVE-2014-0020.patch: fix arg handling in
libpurple/protocols/irc/msgs.c, fix counts in
libpurple/protocols/irc/parse.c.
- CVE-2014-0020
-- Marc Deslauriers <email address hidden> Wed, 05 Feb 2014 15:08:01 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Saucy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| pidgin_2.10.7.orig.tar.bz2 | 9.6 MiB | eba32994eca20d1cf24a4261b059b2de71a1ec2dd0926e904074b0db49f7f192 |
| pidgin_2.10.7-0ubuntu4.1.13.10.1.debian.tar.gz | 90.3 KiB | e6721d70935c6b5525c690eb5b0fb376d8f39ee3a7aa74bb4874fd88b0ca23e3 |
| pidgin_2.10.7-0ubuntu4.1.13.10.1.dsc | 2.9 KiB | 7cfc925b201885300f31741efe9ec2a49faf7bb35e33f943ee3e5d0cb79e7986 |
Available diffs
Binary packages built by this source
- finch: No summary available for finch in ubuntu saucy.
No description available for finch in ubuntu saucy.
- finch-dev: No summary available for finch-dev in ubuntu saucy.
No description available for finch-dev in ubuntu saucy.
- libpurple-bin: No summary available for libpurple-bin in ubuntu saucy.
No description available for libpurple-bin in ubuntu saucy.
- libpurple-dev: No summary available for libpurple-dev in ubuntu saucy.
No description available for libpurple-dev in ubuntu saucy.
- libpurple0: No summary available for libpurple0 in ubuntu saucy.
No description available for libpurple0 in ubuntu saucy.
- pidgin: No summary available for pidgin in ubuntu saucy.
No description available for pidgin in ubuntu saucy.
- pidgin-data: No summary available for pidgin-data in ubuntu saucy.
No description available for pidgin-data in ubuntu saucy.
- pidgin-dbg: No summary available for pidgin-dbg in ubuntu saucy.
No description available for pidgin-dbg in ubuntu saucy.
- pidgin-dev: No summary available for pidgin-dev in ubuntu saucy.
No description available for pidgin-dev in ubuntu saucy.
