lp:ubuntu/hardy-security/pidgin
- Get this branch:
- bzr branch lp:ubuntu/hardy-security/pidgin
Recent revisions
- 28. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via custom emoticon
- debian/patches/94_security_CVE-2010-1624.patch: make sure body is
valid in libpurple/protocols/{msn,msnp9}/slp.c.
- CVE-2010-1624
* SECURITY UPDATE: denial of service via base64 decoding (LP: #666998)
- debian/patches/94_security_CVE-2010-3711.patch: correctly handle
purple_base64_decode return codes in libpurple/ntlm.c,
libpurple/protocols/{jabber/auth.c,msn/slp.c,msnp9/slp.c,
myspace/message.c,yahoo/yahoo.c}.
- CVE-2010-3711
- 27. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via malformed SLP message
- debian/patches/94_security_CVE-2010-0277.patch: validate input in
libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
- CVE-2010-0277
* SECURITY UPDATE: denial of service via certain nicknames in Finch
- debian/patches/94_security_CVE-2010-0420.patch: properly unescape
text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
- CVE-2010-0420
* SECURITY UPDATE: denial of service via large number of smileys
- debian/patches/94_security_CVE-2010-0423.patch: limit the number of
smileys in pidgin/gtkimhtml.c.
- CVE-2010-0423
- 26. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via TOPIC message
- debian/patches/87_security_CVE-2009-2703.patch: validate args in
libpurple/protocols/irc/msgs.c.
- CVE-2009-2703
* SECURITY UPDATE: information disclosure via incorrect jabber TLS
handling
- debian/patches/88_security_CVE-2009-3026.patch: bail out if
encryption is not available in libpurple/protocols/jabber/auth.c.
- CVE-2009-3026
* SECURITY UPDATE: denial of service via malformed SLP invite message
- debian/patches/89_security_CVE-2009-3083.patch: validate branch,
content_type and content in libpurple/protocols/msn/slp.c and
libpurple/protocols/msnp9/slp.c.
- CVE-2009-3083
* SECURITY UPDATE: denial of service via crafted contact list data
- debian/patches/90_security_CVE-2009-3615.patch: validate contact
list structure in libpurple/protocols/oscar/oscar.c.
- CVE-2009-3615
* SECURITY UPDATE: denial of service via specially formulated long
filename (LP: #245769)
- previous 72_SECURITY_CVE-2008-2955.patch patch was incomplete
- debian/patches/91_security_CVE-2008-2955-2.patch: change
src/protocols/msnp9/[slplink.c,slpcall.*] to make sure xfer structure
still exists before putting dest_fp in it.
- CVE-2008-2955
* SECURITY UPDATE: arbitrary code execution via crafted MSN message
- previous 83_security_CVE-2009-1376.patch patch was incomplete
- debian/patches/92_security_CVE-2009-1376-2.patch: switch offset
variable to guint64 in libpurple/protocols/msnp9/slplink.c.
- CVE-2009-1376
* Fix connection issue with MSN (LP: #494002)
- debian/patches/93_msn_protocol8.patch: use protocol v8 in
libpurple/protocols/msnp9/session.c, as it seems v9 isn't supported
by msn anymore.
- 25. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via crafted MSNSLP packet
(LP: #415863)
- debian/patches/85_security_CVE-2009-2694.patch: properly destroy
slpmsg in libpurple/protocols/{msn,msnp9}/slplink.c.
- CVE-2009-2694
- 24. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via ICQWebMessage message type in
OSCAR protocol. (LP: #393736)
- debian/patches/84_security_CVE-2009-1889.patch: make the check better
in libpurple/protocols/oscar/oscar.c, only allocate memory if len is
valid in libpurple/protocols/oscar/bstream.c.
- CVE-2009-1889
- 23. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service or possible code execution in XMPP
file transfer
- debian/patches/81_security_CVE-2009-1373.patch: calculate lengths
correctly in libpurple/protocols/jabber/si.c.
- CVE-2009-1373
* SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
- debian/patches/82_security_CVE-2009-1375.patch: add an additional
check in libpurple/circbuffer.c.
- CVE-2009-1375
* SECURITY UPDATE: arbitrary code execution via crafted MSN message
- debian/patches/83_security_CVE-2009-1376.patch: switch offset
variable to guint64 in libpurple/protocols/msn/slplink.c.
- CVE-2009-1376
- 22. By Marc Deslauriers
-
* SECURITY UPDATE: code execution via integer overflow in the MSN protocol
handler (LP: #245770)
- debian/patches/71_SECURITY_CVE-2008-2927.patch: fix
msn_slplink_process_msg() in src/protocols/msn/slplink.c and
src/protocols/msnp9/slplink.c by checking against maximum size G_MAXSIZE.
- CVE-2008-2927
* SECURITY UPDATE: denial of service via specially formulated long
filename (LP: #245769)
- debian/patches/72_SECURITY_CVE-2008-2955.patch: change
src/protocols/msn/[slplink.c,slpcall.*] to make sure xfer structure still
exists before putting dest_fp in it.
- CVE-2008-2955
* SECURITY UPDATE: denial of service via resource exhaustion from arbitrary
URL in UPnP functionality (LP: #245769)
- debian/patches/73_SECURITY_CVE-2008-2957.patch: modified
libpurple/[upnp.c, util.*] to add purple_util_fetch_url_request_len() in
order to limit http downloads to 128k.
- CVE-2008-2957
* SECURITY UPDATE: man in the middle attack from lack of certificate
validation in nss plugin (LP: #251304)
- debian/patches/74_SECURITY_CVE-2008-3532.patch: modified
libpurple/plugins/ssl/ssl-nss.c to add certificate validation code.
- CVE-2008-3532
- 20. By Pedro Fragoso
-
* Sync with Debian, remaining Ubuntu changes; (LP: #211769)
- debian/control:
+ Set Maintainer to Ubuntu Core Developers.
+ Add build-deps on liblaunchpad-integration-dev, intltool,
libnm-glib-dev (for --enable-nm)
+ Drop build-deps on libsilc-1.1-2-dev | libsilc-dev (>= 1.1.1) as
this library is in universe.
+ Drop the libpurple0 recommends on libpurple-bin.
+ Add a gaim transitional package for upgrades.
+ Moved finch's libx11-6 dependency to Suggests
- Ship compatibility symlinks via debian/gaim.links
- debian/rules:
+ Pass --enable-nm to configure to enable NetworkManager support
+ Pass --disable-silc to configure to disable silc support even if
it's installed in the build environment.
+ Add X-Ubuntu-Gettext-Domain to the desktop file and update the
translation templates in common-install-impl::.
+ Added necessary arguments to dh_shlibdeps for finch
- Update debian/prefs.xml to set the notify plugin prefs
/plugins/gtk/X11/notify/* and set /pidgin/plugins/loaded to load
the notify plugin
- debian/patches:
+ 02_lpi for LP integration
+ 04_let_crasher_for_apport to stop catching the SIGSEGV signal
and let apport handle it
+ 05_default_to_irc_ubuntu_com to set the default IRC
server to irc.ubuntu.com.
+ 70_autoconf patch
- 19. By Adrien Cunin
-
* Moved finch's libx11-6 dependency to Suggests: (LP: #195718)
- debian/rules: added necessary arguments to dh_shlibdeps
- debian/control: added Suggests: ${shlibs:Suggests}
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/pidgin