Format: 1.8
Date: Sun, 08 Jul 2012 18:14:21 -0500
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin
Architecture: all i386_translations i386
Version: 1:2.10.0-0ubuntu2.1
Distribution: oneiric
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Tyler Hicks
Description:
 finch - text-based multi-protocol instant messaging client
 finch-dev - text-based multi-protocol instant messaging client - development
 libpurple-bin - multi-protocol instant messaging library - extra utilities
 libpurple-dev - multi-protocol instant messaging library - development files
 libpurple0 - multi-protocol instant messaging library
 pidgin - graphical multi-protocol instant messaging client for X
 pidgin-data - multi-protocol instant messaging client - data files
 pidgin-dbg - Debugging symbols for Pidgin
 pidgin-dev - multi-protocol instant messaging client - development files
Launchpad-Bugs-Fixed: 958208 996691 1022012
Changes:
 pidgin (1:2.10.0-0ubuntu2.1) oneiric-security; urgency=low
 .
   * SECURITY UPDATE: Remote denial of service via specially crafted AIM or
     ICQ messages (LP: #958208)
     - debian/patches/CVE-2011-4601.patch: Validate incoming messages to
       enforce proper UTF-8 encoding. Based on upstream patch.
     - CVE-2011-4601
   * SECURITY UPDATE: Remote denial of service via specially crafted XMPP
     voice and video chat requests (LP: #958208)
     - debian/patches/CVE-2011-4602.patch: Validate fields in incoming voice
       and video chat requests. Based on upstream patch.
     - CVE-2011-4602
   * SECURITY UPDATE: Remote denial of service via specially crafted SILC
     messages (LP: #958208)
     - debian/patches/CVE-2011-4603.patch: Validate incoming messages to
       enforce proper UTF-8 encoding. Based on upstream patch.
     - CVE-2011-4603
   * SECURITY UPDATE: Remote denial of service via nickname changes in XMPP
     chat rooms (LP: #958208)
     - debian/patches/CVE-2011-4939.patch: Ensure pointer is non-NULL prior
       to dereferencing it. Based on upstream patch.
     - CVE-2011-4939
   * SECURITY UPDATE: Remote denial of service via specially crafted MSN
     offline messages (LP: #958208)
     - debian/patches/CVE-2012-1178.patch: Convert incoming offline messages
       to UTF-8 if they are not already UTF-8. Based on upstream patch.
     - CVE-2012-1178
   * SECURITY UPDATE: Remote denial of service via specially crafted XMPP
     file transfer requests (LP: #996691)
     - debian/patches/CVE-2012-2214.patch: Properly tear down SOCKS5
       connection attempts. Based on upstream patch.
     - CVE-2012-2214
   * SECURITY UPDATE: Remote denial of service via specially crafted MSN
     messages (LP: #996691)
     - debian/patches/CVE-2012-2318.patch: Convert incoming messages to
       UTF-8, then validate the messages. Based on upstream patch.
     - CVE-2012-2318
   * SECURITY UPDATE: Remote denial of service via specially crafted MXit
     messages (LP: #1022012)
     - debian/patches/CVE-2012-3374.patch: Use dynamically allocated memory
       instead of a fixed size buffer. Based on upstream patch.
     - CVE-2012-3374
Original-Maintainer: Ari Pollak