pidgin 1:2.4.1-1ubuntu2.2 source package in Ubuntu

Changelog

pidgin (1:2.4.1-1ubuntu2.2) hardy-security; urgency=low

  * SECURITY UPDATE: code execution via integer overflow in the MSN protocol
    handler (LP: #245770)
    - debian/patches/71_SECURITY_CVE-2008-2927.patch: fix
      msn_slplink_process_msg() in src/protocols/msn/slplink.c and src/
      protocols/msnp9/slplink.c by checking against maximum size G_MAXSIZE.
    - CVE-2008-2927
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - debian/patches/72_SECURITY_CVE-2008-2955.patch: change
      src/protocols/msn/[slplink.c,slpcall.*] to make sure xfer structure still
      exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: denial of service via resource exhaustion from arbitrary
    URL in UPnP functionality (LP: #245769)
    - debian/patches/73_SECURITY_CVE-2008-2957.patch: modified
      libpurple/[upnp.c,util.*] to add purple_util_fetch_url_request_len() in
      order to limit http downloads to 128k.
    - CVE-2008-2957
  * SECURITY UPDATE: man in the middle attack from lack of certificate
    validation in nss plugin (LP: #251304)
    - debian/patches/74_SECURITY_CVE-2008-3532.patch: modified
      libpurple/plugins/ssl/ssl-nss.c to add certificate validation code.
    - CVE-2008-3532

 -- Marc Deslauriers <email address hidden>   Thu, 20 Nov 2008 19:58:43 -0500

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Hardy
Original maintainer: Ubuntu Core Development Team
Architectures: any
Section: net
Urgency: Low Urgency

Downloads

File Size SHA-256 Checksum
pidgin_2.4.1.orig.tar.gz 12.7 MiB 3bb2312e10cf9cc4aea120ec7a8e96361ad31d3ebc0dbfcabf8e344f88afb0ce
pidgin_2.4.1-1ubuntu2.2.diff.gz 65.2 KiB 6a5d2b18574e503e86e8440a5f09827529adc47018d6dd911c8df793580439cc
pidgin_2.4.1-1ubuntu2.2.dsc 1.5 KiB 1ed7bdb341aa3118b2c71cdebe43fc30426849a20b087bfdf09eaab26a166236

Binary packages built by this source

finch
finch-dev
gaim
libpurple-bin
libpurple-dev
libpurple0
pidgin
pidgin-data
pidgin-dbg
pidgin-dev