Format: 1.7 Date: Fri, 03 Jul 2009 11:14:37 -0400 Source: pidgin Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin gaim Architecture: lpia_translations lpia Version: 1:2.4.1-1ubuntu2.5 Distribution: hardy Urgency: low Maintainer: Ubuntu/lpia Build Daemon Changed-By: Marc Deslauriers Description: finch - text-based multi-protocol instant messaging client finch-dev - text-based multi-protocol instant messaging client - development gaim - transitional package to Pidgin libpurple-bin - multi-protocol instant messaging library - extra utilities libpurple-dev - multi-protocol instant messaging library - development files libpurple0 - multi-protocol instant messaging library pidgin - graphical multi-protocol instant messaging client for X pidgin-data - multi-protocol instant messaging client - data files pidgin-dbg - Debugging symbols for Pidgin pidgin-dev - multi-protocol instant messaging client - development files Launchpad-Bugs-Fixed: 393736 Changes: pidgin (1:2.4.1-1ubuntu2.5) hardy-security; urgency=low . * SECURITY UPDATE: denial of service via ICQWebMessage message type in OSCAR protocol. (LP: #393736) - debian/patches/84_security_CVE-2009-1889.patch: make the check better in libpurple/protocols/oscar/oscar.c, only allocate memory if len is valid in libpurple/protocols/oscar/bstream.c. - CVE-2009-1889 Files: 47d53a51c3e1a44e4e14ac592ceceeb4 7846069 raw-translations - pidgin_2.4.1-1ubuntu2.5_lpia_translations.tar.gz 264502f259c45da978283cd2deed21ff 1415410 net optional libpurple0_2.4.1-1ubuntu2.5_lpia.deb 3fe599d6288bcc92b1eaa8df579a7fae 511658 net optional pidgin_2.4.1-1ubuntu2.5_lpia.deb 4815c0b8f5e5db6a483b9b7b5e90202f 4372712 net extra pidgin-dbg_2.4.1-1ubuntu2.5_lpia.deb 125d9dc936b19fc2e30b63395cc91311 197190 net optional finch_2.4.1-1ubuntu2.5_lpia.deb Original-Maintainer: Robert McQueen