Format: 1.8 Date: Sun, 08 Jul 2012 18:14:21 -0500 Source: pidgin Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin Architecture: all i386_translations i386 Version: 1:2.7.11-1ubuntu2.2 Distribution: natty Urgency: low Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Tyler Hicks Description: finch - text-based multi-protocol instant messaging client finch-dev - text-based multi-protocol instant messaging client - development libpurple-bin - multi-protocol instant messaging library - extra utilities libpurple-dev - multi-protocol instant messaging library - development files libpurple0 - multi-protocol instant messaging library pidgin - multi-protocol instant messaging client pidgin-data - multi-protocol instant messaging client - data files pidgin-dbg - Debugging symbols for Pidgin pidgin-dev - multi-protocol instant messaging client - development files Launchpad-Bugs-Fixed: 958208 996691 1022012 Changes: pidgin (1:2.7.11-1ubuntu2.2) natty-security; urgency=low . * SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ messages (LP: #958208) - debian/patches/CVE-2011-4601.patch: Validate incoming messages to enforce proper UTF-8 encoding. Based on upstream patch. - CVE-2011-4601 * SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice and video chat requests (LP: #958208) - debian/patches/CVE-2011-4602.patch: Validate fields in incoming voice and video chat requests. Based on upstream patch. - CVE-2011-4602 * SECURITY UPDATE: Remote denial of service via specially crafted SILC messages (LP: #958208) - debian/patches/CVE-2011-4603.patch: Validate incoming messages to enforce proper UTF-8 encoding. Based on upstream patch. - CVE-2011-4603 * SECURITY UPDATE: Remote denial of service via specially crafted MSN offline messages (LP: #958208) - debian/patches/CVE-2012-1178.patch: Convert incoming offline messages to UTF-8 if they are not already UTF-8. Based on upstream patch. - CVE-2012-1178 * SECURITY UPDATE: Remote denial of service via specially crafted MSN messages (LP: #996691) - debian/patches/CVE-2012-2318.patch: Convert incoming messages to UTF-8, then validate the messages. Based on upstream patch. - CVE-2012-2318 * SECURITY UPDATE: Remote denial of service via specially crafted MXit messages (LP: #1022012) - debian/patches/CVE-2012-3374.patch: Use dynamically allocated memory instead of a fixed size buffer. Based on upstream patch. - CVE-2012-3374 Checksums-Sha1: 3c0dba7f1bfcc85b3c57e577f706be2bad120821 1111580 pidgin-data_2.7.11-1ubuntu2.2_all.deb cba83db924cb1fd8fc9a024898f5f1107f618019 15961432 pidgin_2.7.11-1ubuntu2.2_i386_translations.tar.gz ac4104a6fac963de5ee006cbab4b1c35b5863344 1809490 pidgin-dev_2.7.11-1ubuntu2.2_all.deb 143a1b7eb238615728855e2cd9d87ce13694f243 40210 finch-dev_2.7.11-1ubuntu2.2_all.deb fef6c1e289614e20f9386125d7e56039dee2b1ff 203576 libpurple-dev_2.7.11-1ubuntu2.2_all.deb 584ba587d12155dee4b363a229a0a543df634791 17168 libpurple-bin_2.7.11-1ubuntu2.2_all.deb a8daa55d4f87d4eb3ec53a7c64d7ca99226751e3 1747230 libpurple0_2.7.11-1ubuntu2.2_i386.deb c987ee3b2ea6c92dba4e9b9e831e87fada219bcc 550174 pidgin_2.7.11-1ubuntu2.2_i386.deb d288c298d45f9b0b9544ce7ca7ab0ebec70668da 6875112 pidgin-dbg_2.7.11-1ubuntu2.2_i386.deb baab7637afbc0aca39d6da7df5841e796249771a 223756 finch_2.7.11-1ubuntu2.2_i386.deb Checksums-Sha256: 297a8a080e5cad55fa6079b2edda6ca0c53ea8f921b96be09a92cc0743c0a73b 1111580 pidgin-data_2.7.11-1ubuntu2.2_all.deb c319303915c2651aae5ba0c1828e76d63806e5594d2e102783846a31e3a0df7b 15961432 pidgin_2.7.11-1ubuntu2.2_i386_translations.tar.gz e1d2bac0e855286b20eb027cc787a55dc4a97afbb9db7b5e61535317c0c64eac 1809490 pidgin-dev_2.7.11-1ubuntu2.2_all.deb a3fd20dd4cb5556c1b3f94e957a4215503c2f833231408f45b8cc13727c5d9bd 40210 finch-dev_2.7.11-1ubuntu2.2_all.deb e0c2fd44f32ae102218880e62f0e925a4335f27f1ca6a8a0c89ac80b70636599 203576 libpurple-dev_2.7.11-1ubuntu2.2_all.deb a8a4e792c5ded3fe8686f0957db246a75855d941ca835242fd9bd1fcbdda6e6b 17168 libpurple-bin_2.7.11-1ubuntu2.2_all.deb e955f47fa9a6211864f498e3f67e501a1f5a56da429a67c6dde01f5269933165 1747230 libpurple0_2.7.11-1ubuntu2.2_i386.deb 1361a56a91fa4782bd961da33c884176ec46a0e1cb4afc103483dc31ad191f43 550174 pidgin_2.7.11-1ubuntu2.2_i386.deb 62bc8e7bb44efc6bb91970de5613ab199a485969e183796b66942dba3432c5d3 6875112 pidgin-dbg_2.7.11-1ubuntu2.2_i386.deb d8e7f986f6716226f513994a01da233c7e64a63fd9b9585f9eedf8d087ceb460 223756 finch_2.7.11-1ubuntu2.2_i386.deb Files: 9646ed8648af1c128a6f0584d04c30eb 1111580 net optional pidgin-data_2.7.11-1ubuntu2.2_all.deb 428153457160df3b5a1082d76e279c13 15961432 raw-translations - pidgin_2.7.11-1ubuntu2.2_i386_translations.tar.gz 3f7cc1a7d29c74542c6745fcd2bd5646 1809490 devel optional pidgin-dev_2.7.11-1ubuntu2.2_all.deb 9a3c6e5d305e8b4bdb088a01500740d2 40210 devel optional finch-dev_2.7.11-1ubuntu2.2_all.deb 21f5ac6810043f6b53081dd95d1346df 203576 libdevel optional libpurple-dev_2.7.11-1ubuntu2.2_all.deb c13f7869de971c017c6a01133ea9506b 17168 net optional libpurple-bin_2.7.11-1ubuntu2.2_all.deb e2f5d1c66f90f50c96d5fd4ef3342a2b 1747230 net optional libpurple0_2.7.11-1ubuntu2.2_i386.deb 98b44460aa11aaf0456eb1ee4b8c93b7 550174 net optional pidgin_2.7.11-1ubuntu2.2_i386.deb cd3d5acff73e44c6a462e83fc67b54a6 6875112 debug extra pidgin-dbg_2.7.11-1ubuntu2.2_i386.deb 50becbdeafcf2b735ba52eaf7d82e233 223756 net optional finch_2.7.11-1ubuntu2.2_i386.deb Original-Maintainer: Ari Pollak