Branches for Intrepid

Author: Sebastien Bacher
Revision Date: 2008-10-22 21:51:41 UTC

* New upstream version
* debian/patches/06_ssl_null_pointer_deref.patch:
  - the change is in the new version

Author: Philip Wyett
Revision Date: 2009-11-30 12:03:02 UTC

Add 87_yahoo_15_fix.patch: Backport upstream changes to use version 16 of
the Yahoo! Messenger Protocol. The old authentication mechanism was
disabled, meaning that it can no longer be used for signing in to Yahoo!
services (LP: #389322)

Author: Marc Deslauriers
Revision Date: 2010-02-18 14:45:12 UTC

* SECURITY UPDATE: denial of service via malformed SLP message
  - debian/patches/93_security_CVE-2010-0277.patch: validate input in
    libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
  - CVE-2010-0277
* SECURITY UPDATE: denial of service via certain nicknames in Finch
  - debian/patches/93_security_CVE-2010-0420.patch: properly unescape
    text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
    libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
  - CVE-2010-0420
* SECURITY UPDATE: denial of service via large number of smileys
  - debian/patches/93_security_CVE-2010-0423.patch: limit the number of
    smileys in pidgin/gtkimhtml.c.
  - CVE-2010-0423

Author: Marc Deslauriers
Revision Date: 2010-02-18 14:45:12 UTC

* SECURITY UPDATE: denial of service via malformed SLP message
  - debian/patches/93_security_CVE-2010-0277.patch: validate input in
    libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
  - CVE-2010-0277
* SECURITY UPDATE: denial of service via certain nicknames in Finch
  - debian/patches/93_security_CVE-2010-0420.patch: properly unescape
    text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
    libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
  - CVE-2010-0420
* SECURITY UPDATE: denial of service via large number of smileys
  - debian/patches/93_security_CVE-2010-0423.patch: limit the number of
    smileys in pidgin/gtkimhtml.c.
  - CVE-2010-0423