Format: 1.8
Date: Thu, 14 Jan 2010 15:23:24 -0500
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin
Architecture: amd64_translations amd64
Version: 1:2.5.2-0ubuntu1.6
Distribution: intrepid
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Marc Deslauriers
Description:
 finch - text-based multi-protocol instant messaging client
 finch-dev - text-based multi-protocol instant messaging client - development
 libpurple-bin - multi-protocol instant messaging library - extra utilities
 libpurple-dev - multi-protocol instant messaging library - development files
 libpurple0 - multi-protocol instant messaging library
 pidgin - graphical multi-protocol instant messaging client for X
 pidgin-data - multi-protocol instant messaging client - data files
 pidgin-dbg - Debugging symbols for Pidgin
 pidgin-dev - multi-protocol instant messaging client - development files
Launchpad-Bugs-Fixed: 501089
Changes:
 pidgin (1:2.5.2-0ubuntu1.6) intrepid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via TOPIC message
     - debian/patches/87_security_CVE-2009-2703.patch: validate args in
       libpurple/protocols/irc/msgs.c.
     - CVE-2009-2703
   * SECURITY UPDATE: information disclosure via incorrect jabber TLS handling
     - debian/patches/88_security_CVE-2009-3026.patch: bail out if
       encryption is not available in libpurple/protocols/jabber/auth.c.
     - CVE-2009-3026
   * SECURITY UPDATE: denial of service via malformed SLP invite message
     - debian/patches/89_security_CVE-2009-3083.patch: validate branch,
       content_type and content in libpurple/protocols/msn/slp.c.
     - CVE-2009-3083
   * SECURITY UPDATE: denial of service via XHTML-IM content with cid: images
     - debian/patches/90_security_CVE-2009-3085.patch: validate raw_data in
       libpurple/protocols/jabber/data.c.
     - CVE-2009-3085
   * SECURITY UPDATE: denial of service via crafted contact list data
     - debian/patches/91_security_CVE-2009-3615.patch: validate contact list
       structure in libpurple/protocols/oscar/oscar.c.
     - CVE-2009-3615
   * SECURITY UPDATE: directory traversal via custom smiley request
     (LP: #501089)
     - debian/patches/92_security_CVE-2010-0013.patch: ignore request for
       smileys that don't exist in the image store in
       libpurple/protocols/msn/slp.c, backport purple_strequal in
       libpurple/util.{c,h}.
     - CVE-2010-0013
   * WARNING: This package does not contain the changes from
     1:2.5.2-0ubuntu1.5 that is in intrepid-proposed.
Original-Maintainer: Robert McQueen