Format: 1.8 Date: Thu, 14 Jan 2010 15:23:24 -0500 Source: pidgin Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin Architecture: lpia_translations lpia Version: 1:2.5.2-0ubuntu1.6 Distribution: intrepid Urgency: low Maintainer: Ubuntu/lpia Build Daemon Changed-By: Marc Deslauriers Description: finch - text-based multi-protocol instant messaging client finch-dev - text-based multi-protocol instant messaging client - development libpurple-bin - multi-protocol instant messaging library - extra utilities libpurple-dev - multi-protocol instant messaging library - development files libpurple0 - multi-protocol instant messaging library pidgin - graphical multi-protocol instant messaging client for X pidgin-data - multi-protocol instant messaging client - data files pidgin-dbg - Debugging symbols for Pidgin pidgin-dev - multi-protocol instant messaging client - development files Launchpad-Bugs-Fixed: 501089 Changes: pidgin (1:2.5.2-0ubuntu1.6) intrepid-security; urgency=low . * SECURITY UPDATE: denial of service via TOPIC message - debian/patches/87_security_CVE-2009-2703.patch: validate args in libpurple/protocols/irc/msgs.c. - CVE-2009-2703 * SECURITY UPDATE: information disclosure via incorrect jabber TLS handling - debian/patches/88_security_CVE-2009-3026.patch: bail out if encryption is not available in libpurple/protocols/jabber/auth.c. - CVE-2009-3026 * SECURITY UPDATE: denial of service via malformed SLP invite message - debian/patches/89_security_CVE-2009-3083.patch: validate branch, content_type and content in libpurple/protocols/msn/slp.c. - CVE-2009-3083 * SECURITY UPDATE: denial of service via XHTML-IM content with cid: images - debian/patches/90_security_CVE-2009-3085.patch: validate raw_data in libpurple/protocols/jabber/data.c. - CVE-2009-3085 * SECURITY UPDATE: denial of service via crafted contact list data - debian/patches/91_security_CVE-2009-3615.patch: validate contact list structure in libpurple/protocols/oscar/oscar.c. - CVE-2009-3615 * SECURITY UPDATE: directory traversal via custom smiley request (LP: #501089) - debian/patches/92_security_CVE-2010-0013.patch: ignore request for smileys that don't exist in the image store in libpurple/protocols/msn/slp.c, backport purple_strequal in libpurple/util.{c,h}. - CVE-2010-0013 * WARNING: This package does not contain the changes from 1:2.5.2-0ubuntu1.5 that is in intrepid-proposed. Checksums-Sha1: f7c5fae5b0d8978f117cf05cce92588da5c976b4 6554607 pidgin_2.5.2-0ubuntu1.6_lpia_translations.tar.gz af96034fbbb9df9e6131cbb6f9e0393cbf5f735a 1552850 libpurple0_2.5.2-0ubuntu1.6_lpia.deb c0b399dacf865a75f580056f908a5ea934312adb 553788 pidgin_2.5.2-0ubuntu1.6_lpia.deb ca4c40849f1cd943156c2a6da2e444cea1a25e0c 4600638 pidgin-dbg_2.5.2-0ubuntu1.6_lpia.deb 2f8407e7592b34efc639ddc4586c837b8240c9bf 200668 finch_2.5.2-0ubuntu1.6_lpia.deb Checksums-Sha256: 4ccc307863949ba8ddc3c52748ab897fabbcd1f23ccc6cd508a6ef64f45f0370 6554607 pidgin_2.5.2-0ubuntu1.6_lpia_translations.tar.gz bbb6294f7f38aba57d50cab0985a0e8f0da08c86b19799c17423e4d5e988e9d9 1552850 libpurple0_2.5.2-0ubuntu1.6_lpia.deb 6cefba6bf98856bd522f4c75ebc026ecb01c736698bd868442cbc5f545814067 553788 pidgin_2.5.2-0ubuntu1.6_lpia.deb 4062f4c8258ee321605527d3b68364e6a130ba4a218ad893685a66d539ba6420 4600638 pidgin-dbg_2.5.2-0ubuntu1.6_lpia.deb 18347f592c69c45cc5b33db3c148b059ea83eadf2e4c69e55a48c086e3aaa435 200668 finch_2.5.2-0ubuntu1.6_lpia.deb Files: 7d1b477e84ddf32ea4d69a531ff8e299 6554607 raw-translations - pidgin_2.5.2-0ubuntu1.6_lpia_translations.tar.gz df7cfb64fbc1f808db5fdc08882b25c0 1552850 net optional libpurple0_2.5.2-0ubuntu1.6_lpia.deb 5abfad8e919f11ec914b293a5223d012 553788 net optional pidgin_2.5.2-0ubuntu1.6_lpia.deb c39ec50abc874e5bf0bd613f02210fa4 4600638 net extra pidgin-dbg_2.5.2-0ubuntu1.6_lpia.deb ceeb3d8d689b73786f667d215aa770ca 200668 net optional finch_2.5.2-0ubuntu1.6_lpia.deb Original-Maintainer: Robert McQueen