Format: 1.8 Date: Thu, 21 Feb 2013 12:53:30 -0500 Source: pidgin Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin Architecture: armhf armhf_translations Version: 1:2.10.3-0ubuntu1.3 Distribution: precise Urgency: low Maintainer: Ubuntu/armhf Build Daemon Changed-By: Marc Deslauriers Description: finch - text-based multi-protocol instant messaging client finch-dev - text-based multi-protocol instant messaging client - development libpurple-bin - multi-protocol instant messaging library - extra utilities libpurple-dev - multi-protocol instant messaging library - development files libpurple0 - multi-protocol instant messaging library pidgin - graphical multi-protocol instant messaging client for X pidgin-data - multi-protocol instant messaging client - data files pidgin-dbg - Debugging symbols for Pidgin pidgin-dev - multi-protocol instant messaging client - development files Changes: pidgin (1:2.10.3-0ubuntu1.3) precise-security; urgency=low . * SECURITY UPDATE: file overwrite via MXit crafted pathname - debian/patches/CVE-2013-0271.patch: properly escape filenames in libpurple/protocols/mxit/formcmds.c, libpurple/protocols/mxit/splashscreen.c. - CVE-2013-0271 * SECURITY UPDATE: arbitrary code execution via long HTTP header in MXit - debian/patches/CVE-2013-0272.patch: properly check lengths in libpurple/protocols/mxit/http.c. - CVE-2013-0272 * SECURITY UPDATE: denial of service via long user ID in Sametime - debian/patches/CVE-2013-0273.patch: use g_strlcpy in libpurple/protocols/sametime/sametime.c. - CVE-2013-0273 * SECURITY UPDATE: denial of service via long UPnP responses - debian/patches/CVE-2013-0274.patch: use g_strlcpy in libpurple/upnp.c. - CVE-2013-0274 Checksums-Sha1: f404360f71dfb6dd68fc1056379393f7dfd71833 1431696 libpurple0_2.10.3-0ubuntu1.3_armhf.deb 0957d35dd560bfc608392cffcec697d1e2b083d5 8507759 pidgin_2.10.3-0ubuntu1.3_armhf_translations.tar.gz 0321ed108f9f1408f015e91ae0edc5c24337a474 588210 pidgin_2.10.3-0ubuntu1.3_armhf.deb 9c7808b484ae88cef04cd1c199b13789777c9b04 6399070 pidgin-dbg_2.10.3-0ubuntu1.3_armhf.deb 6584528850d9522a29ffaf64b0958d55b1621390 205654 finch_2.10.3-0ubuntu1.3_armhf.deb Checksums-Sha256: 4e9511cf0f9f83d68e090c7e9654f6d8ffd65127b1f16d80be269fc12f298b68 1431696 libpurple0_2.10.3-0ubuntu1.3_armhf.deb 7b040073d02e16e76aa652e49d0afe0bc13525712a18d0c2f475a1b257eafc15 8507759 pidgin_2.10.3-0ubuntu1.3_armhf_translations.tar.gz a98d55e75b02096b42339deff0ecc83065cc62101ce2d399b8aa669cfefffe49 588210 pidgin_2.10.3-0ubuntu1.3_armhf.deb b4751d7cf4570d22c62fe65847db2e86389c17878e3095ce6dd835009b11735c 6399070 pidgin-dbg_2.10.3-0ubuntu1.3_armhf.deb 66371b793d8678c395e8a351b448e577f6aef4d4e4b3740df1a9eb2013c812a2 205654 finch_2.10.3-0ubuntu1.3_armhf.deb Files: a3708f18eecf64be3fe3fdf6d3131f12 1431696 net optional libpurple0_2.10.3-0ubuntu1.3_armhf.deb 49b0c5d8e756654d6b988f8e786a4c5b 8507759 raw-translations - pidgin_2.10.3-0ubuntu1.3_armhf_translations.tar.gz 35eae8deed6011696454ca1a9e315ec2 588210 net optional pidgin_2.10.3-0ubuntu1.3_armhf.deb ad6585f236bbe60b740f53ac6f638dd1 6399070 debug extra pidgin-dbg_2.10.3-0ubuntu1.3_armhf.deb b1d65233b00be9aea2dbc31c2acaa75e 205654 net optional finch_2.10.3-0ubuntu1.3_armhf.deb Original-Maintainer: Ari Pollak