Format: 1.7
Date: Fri, 15 Jan 2010 12:56:44 -0500
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin gaim
Architecture: amd64_translations amd64
Version: 1:2.4.1-1ubuntu2.8
Distribution: hardy
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Marc Deslauriers
Description:
 finch - text-based multi-protocol instant messaging client
 finch-dev - text-based multi-protocol instant messaging client - development
 gaim - transitional package to Pidgin
 libpurple-bin - multi-protocol instant messaging library - extra utilities
 libpurple-dev - multi-protocol instant messaging library - development files
 libpurple0 - multi-protocol instant messaging library
 pidgin - graphical multi-protocol instant messaging client for X
 pidgin-data - multi-protocol instant messaging client - data files
 pidgin-dbg - Debugging symbols for Pidgin
 pidgin-dev - multi-protocol instant messaging client - development files
Launchpad-Bugs-Fixed: 245769 494002
Changes:
 pidgin (1:2.4.1-1ubuntu2.8) hardy-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via TOPIC message
     - debian/patches/87_security_CVE-2009-2703.patch: validate args in
       libpurple/protocols/irc/msgs.c.
     - CVE-2009-2703
   * SECURITY UPDATE: information disclosure via incorrect jabber TLS handling
     - debian/patches/88_security_CVE-2009-3026.patch: bail out if encryption
       is not available in libpurple/protocols/jabber/auth.c.
     - CVE-2009-3026
   * SECURITY UPDATE: denial of service via malformed SLP invite message
     - debian/patches/89_security_CVE-2009-3083.patch: validate branch,
       content_type and content in libpurple/protocols/msn/slp.c and
       libpurple/protocols/msnp9/slp.c.
     - CVE-2009-3083
   * SECURITY UPDATE: denial of service via crafted contact list data
     - debian/patches/90_security_CVE-2009-3615.patch: validate contact list
       structure in libpurple/protocols/oscar/oscar.c.
     - CVE-2009-3615
   * SECURITY UPDATE: denial of service via specially formulated long
     filename (LP: #245769)
     - previous 72_SECURITY_CVE-2008-2955.patch patch was incomplete
     - debian/patches/91_security_CVE-2008-2955-2.patch: change
       src/protocols/msnp9/[slplink.c,slpcall.*] to make sure xfer structure
       still exists before putting dest_fp in it.
     - CVE-2008-2955
   * SECURITY UPDATE: arbitrary code execution via crafted MSN message
     - previous 83_security_CVE-2009-1376.patch patch was incomplete
     - debian/patches/92_security_CVE-2009-1376-2.patch: switch offset
       variable to guint64 in libpurple/protocols/msnp9/slplink.c.
     - CVE-2009-1376
   * Fix connection issue with MSN (LP: #494002)
     - debian/patches/93_msn_protocol8.patch: use protocol v8 in
       libpurple/protocols/msnp9/session.c, as it seems v9 isn't supported by
       msn anymore.
Files:
 3ab838471feab4a9be0b9132d9e42c71 7845961 raw-translations - pidgin_2.4.1-1ubuntu2.8_amd64_translations.tar.gz
 fc9d1b6bb56b57c12b51bec7153ffc5e 1573354 net optional libpurple0_2.4.1-1ubuntu2.8_amd64.deb
 90dbf69d0f178c789b1671a706aa2369 572092 net optional pidgin_2.4.1-1ubuntu2.8_amd64.deb
 ca401f3f935f359e2262f5ff35b77881 4435438 net extra pidgin-dbg_2.4.1-1ubuntu2.8_amd64.deb
 1ef3e17e0ec785ad2de3d88a36c57db8 226888 net optional finch_2.4.1-1ubuntu2.8_amd64.deb
Original-Maintainer: Robert McQueen