Format: 1.8 Date: Thu, 21 Feb 2013 12:53:30 -0500 Source: pidgin Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin Architecture: powerpc powerpc_translations Version: 1:2.10.3-0ubuntu1.3 Distribution: precise Urgency: low Maintainer: Ubuntu/powerpc Build Daemon Changed-By: Marc Deslauriers Description: finch - text-based multi-protocol instant messaging client finch-dev - text-based multi-protocol instant messaging client - development libpurple-bin - multi-protocol instant messaging library - extra utilities libpurple-dev - multi-protocol instant messaging library - development files libpurple0 - multi-protocol instant messaging library pidgin - graphical multi-protocol instant messaging client for X pidgin-data - multi-protocol instant messaging client - data files pidgin-dbg - Debugging symbols for Pidgin pidgin-dev - multi-protocol instant messaging client - development files Changes: pidgin (1:2.10.3-0ubuntu1.3) precise-security; urgency=low . * SECURITY UPDATE: file overwrite via MXit crafted pathname - debian/patches/CVE-2013-0271.patch: properly escape filenames in libpurple/protocols/mxit/formcmds.c, libpurple/protocols/mxit/splashscreen.c. - CVE-2013-0271 * SECURITY UPDATE: arbitrary code execution via long HTTP header in MXit - debian/patches/CVE-2013-0272.patch: properly check lengths in libpurple/protocols/mxit/http.c. - CVE-2013-0272 * SECURITY UPDATE: denial of service via long user ID in Sametime - debian/patches/CVE-2013-0273.patch: use g_strlcpy in libpurple/protocols/sametime/sametime.c. - CVE-2013-0273 * SECURITY UPDATE: denial of service via long UPnP responses - debian/patches/CVE-2013-0274.patch: use g_strlcpy in libpurple/upnp.c. - CVE-2013-0274 Checksums-Sha1: 5ed7683c8a412f79494c7d0bc8565952760aa3d7 1697664 libpurple0_2.10.3-0ubuntu1.3_powerpc.deb e08ad3e8f4989c2a175f42f55492582f5ef6b70c 8506527 pidgin_2.10.3-0ubuntu1.3_powerpc_translations.tar.gz 48eaaf7a268119a0664ce594b87a84c8358abe68 687470 pidgin_2.10.3-0ubuntu1.3_powerpc.deb 411f423d227bb90037e61f826373f32d738a8ca0 6872194 pidgin-dbg_2.10.3-0ubuntu1.3_powerpc.deb be0c05ec2c61611667b4ebecb779d0ebc55f57e3 248394 finch_2.10.3-0ubuntu1.3_powerpc.deb Checksums-Sha256: 9748ff7ddfdc13caf622a299ca732ae399528f32c046017a18fff2de62fa7704 1697664 libpurple0_2.10.3-0ubuntu1.3_powerpc.deb 52f2eb26e9b15d496517562ce5a03f03779609fabbcdc0be7e00e225fffc2f79 8506527 pidgin_2.10.3-0ubuntu1.3_powerpc_translations.tar.gz db7ee8f2c1b782c06e61e3081589c74a2db60f152b9db7e799ec5d54c93d4d0f 687470 pidgin_2.10.3-0ubuntu1.3_powerpc.deb af192a6d56978664067803fd951a9989706429c986cbb973fc216ef104877fd1 6872194 pidgin-dbg_2.10.3-0ubuntu1.3_powerpc.deb 410dbdc3d7af15ff2a0c5aa521b2307716d58da8d609e5182a3a631cdca3d404 248394 finch_2.10.3-0ubuntu1.3_powerpc.deb Files: 42e83617d16d0d3d52e6031b544697a7 1697664 net optional libpurple0_2.10.3-0ubuntu1.3_powerpc.deb 6a88f4a5c8390753f82f6d556d0c4a63 8506527 raw-translations - pidgin_2.10.3-0ubuntu1.3_powerpc_translations.tar.gz d74d9d28b0da2b3a00061afb1c34ee7d 687470 net optional pidgin_2.10.3-0ubuntu1.3_powerpc.deb 2bc03f195ee8dc4ddfc5871661942f98 6872194 debug extra pidgin-dbg_2.10.3-0ubuntu1.3_powerpc.deb 693a04988cf8224c19b467505c63db26 248394 net optional finch_2.10.3-0ubuntu1.3_powerpc.deb Original-Maintainer: Ari Pollak