Format: 1.8
Date: Wed, 05 Feb 2014 15:56:07 -0500
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin
Architecture: amd64 amd64_translations
Version: 1:2.10.6-0ubuntu2.3
Distribution: quantal
Urgency: medium
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Marc Deslauriers
Description:
 finch - text-based multi-protocol instant messaging client
 finch-dev - text-based multi-protocol instant messaging client - development
 libpurple-bin - multi-protocol instant messaging library - extra utilities
 libpurple-dev - multi-protocol instant messaging library - development files
 libpurple0 - multi-protocol instant messaging library
 pidgin - graphical multi-protocol instant messaging client for X
 pidgin-data - multi-protocol instant messaging client - data files
 pidgin-dbg - Debugging symbols for Pidgin
 pidgin-dev - multi-protocol instant messaging client - development files
Changes:
 pidgin (1:2.10.6-0ubuntu2.3) quantal-security; urgency=medium
 .
   * SECURITY UPDATE: remote crash in yahoo via incorrect char encoding
     - debian/patches/CVE-2012-6152.patch: validate strings as utf-8 before
       parsing in libpurple/protocols/yahoo/{libymsg,yahoo_aliases,
       yahoo_filexfer,yahoo_friend,yahoo_picture,yahoochat}.c.
     - CVE-2012-6152
   * SECURITY UPDATE: crash via bad XMPP timestamp
     - debian/patches/CVE-2013-6477.patch: properly handle invalid
       timestamps in libpurple/{conversation,log,server}.c.
     - CVE-2013-6477
   * SECURITY UPDATE: crash via hovering pointer over long URL
     - debian/patches/CVE-2013-6478.patch: set max lengths in
       pidgin/gtkimhtml.c.
     - CVE-2013-6478
   * SECURITY UPDATE: remote crash via HTTP response parsing
     - debian/patches/CVE-2013-6479.patch: don't implicitly trust
       Content-Length in libpurple/util.c.
     - CVE-2013-6479
   * SECURITY UPDATE: remote crash via yahoo P2P message
     - debian/patches/CVE-2013-6481.patch: perform bounds checking in
       libpurple/protocols/yahoo/libymsg.c.
     - CVE-2013-6481
   * SECURITY UPDATE: crashes via MSN NULL pointer dereferences
     - debian/patches/CVE-2013-6482.patch: fix NULL pointers in
       libpurple/protocols/msn/{msg,oim,soap}.c.
     - CVE-2013-6482
   * SECURITY UPDATE: iq reply spoofing via incorrect from verification
     - debian/patches/CVE-2013-6483.patch: verify from field on iq replies
       in libpurple/protocols/jabber/{iq.*,jabber.c,jutil.*}.
     - CVE-2013-6483
   * SECURITY UPDATE: crash via response from STUN server
     - debian/patches/CVE-2013-6484.patch: validate len in
       libpurple/stun.c.
     - CVE-2013-6484
   * SECURITY UPDATE: buffer overflow in chunked HTTP response parsing
     - debian/patches/CVE-2013-6485.patch: limit chunk size in
       libpurple/util.c.
     - CVE-2013-6485
   * SECURITY UPDATE: buffer overflow in gadu-gadu HTTP parsing
     - debian/patches/CVE-2013-6487.patch: limit length in
       libpurple/protocols/gg/lib/http.c.
     - CVE-2013-6487
   * SECURITY UPDATE: buffer overflow in MXit emoticon parsing
     - debian/patches/CVE-2013-6489.patch: check return code in
       libpurple/protocols/mxit/markup.c.
     - CVE-2013-6489
   * SECURITY UPDATE: buffer overflow in SIMPLE header parsing
     - debian/patches/CVE-2013-6490.patch: use g_new in
       libpurple/protocols/simple/simple.c and check length in
       libpurple/protocols/simple/sipmsg.c.
     - CVE-2013-6490
   * SECURITY UPDATE: crash via IRC argument parsing
     - debian/patches/CVE-2014-0020.patch: fix arg handling in
       libpurple/protocols/irc/msgs.c, fix counts in
       libpurple/protocols/irc/parse.c.
     - CVE-2014-0020
Original-Maintainer: Ari Pollak