lp:ubuntu/intrepid-security/pidgin

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/intrepid-security/pidgin

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

36. By Marc Deslauriers

* SECURITY UPDATE: denial of service via malformed SLP message
  - debian/patches/93_security_CVE-2010-0277.patch: validate input in
    libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
  - CVE-2010-0277
* SECURITY UPDATE: denial of service via certain nicknames in Finch
  - debian/patches/93_security_CVE-2010-0420.patch: properly unescape
    text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
    libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
  - CVE-2010-0420
* SECURITY UPDATE: denial of service via large number of smileys
  - debian/patches/93_security_CVE-2010-0423.patch: limit the number of
    smileys in pidgin/gtkimhtml.c.
  - CVE-2010-0423

35. By Marc Deslauriers

* SECURITY UPDATE: denial of service via TOPIC message
  - debian/patches/87_security_CVE-2009-2703.patch: validate args in
    libpurple/protocols/irc/msgs.c.
  - CVE-2009-2703
* SECURITY UPDATE: information disclosure via incorrect jabber TLS
  handling
  - debian/patches/88_security_CVE-2009-3026.patch: bail out if
    encryption is not available in libpurple/protocols/jabber/auth.c.
  - CVE-2009-3026
* SECURITY UPDATE: denial of service via malformed SLP invite message
  - debian/patches/89_security_CVE-2009-3083.patch: validate branch,
    content_type and content in libpurple/protocols/msn/slp.c.
  - CVE-2009-3083
* SECURITY UPDATE: denial of service via XHTML-IM content with cid: images
  - debian/patches/90_security_CVE-2009-3085.patch: validate raw_data in
    libpurple/protocols/jabber/data.c.
  - CVE-2009-3085
* SECURITY UPDATE: denial of service via crafted contact list data
  - debian/patches/91_security_CVE-2009-3615.patch: validate contact
    list structure in libpurple/protocols/oscar/oscar.c.
  - CVE-2009-3615
* SECURITY UPDATE: directory traversal via custom smiley request
  (LP: #501089)
  - debian/patches/92_security_CVE-2010-0013.patch: ignore request for
    smileys that don't exist in the image store in
    libpurple/protocols/msn/slp.c, backport purple_strequal in
    libpurple/util.{c,h}.
  - CVE-2010-0013
* WARNING: This package does not contain the changes from
  1:2.5.2-0ubuntu1.5 that is in intrepid-proposed.

34. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via crafted MSNSLP packet
  (LP: #415863)
  - debian/patches/86_security_CVE-2009-2694.patch: properly destroy
    slpmsg in libpurple/protocols/{msn,msnp9}/slplink.c.
  - CVE-2009-2694

33. By Marc Deslauriers

* SECURITY UPDATE: denial of service via ICQWebMessage message type in
  OSCAR protocol. (LP: #393736)
  - debian/patches/85_security_CVE-2009-1889.patch: make the check better
    in libpurple/protocols/oscar/oscar.c, only allocate memory if len is
    valid in libpurple/protocols/oscar/bstream.c.
  - CVE-2009-1889

32. By Marc Deslauriers

* SECURITY UPDATE: denial of service or possible code execution in XMPP
  file transfer
  - debian/patches/81_security_CVE-2009-1373.patch: calculate lengths
    correctly in libpurple/protocols/jabber/si.c.
  - CVE-2009-1373
* SECURITY UPDATE: denial of service in the QQ protocol decryption
  handler
  - debian/patches/82_security_CVE-2009-1374.patch: make sure count64
    hasn't reached zero in libpurple/protocols/qq/qq_crypt.c.
  - CVE-2009-1374
* SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
  - debian/patches/83_security_CVE-2009-1375.patch: add an additional
    check in libpurple/circbuffer.c.
  - CVE-2009-1375
* SECURITY UPDATE: arbitrary code execution via crafted MSN message
  - debian/patches/84_security_CVE-2009-1376.patch: switch offset
    variable to guint64 in libpurple/protocols/msn/slplink.c.
  - CVE-2009-1376

31. By Sebastien Bacher

* New upstream version
* debian/patches/06_ssl_null_pointer_deref.patch:
  - the change is in the new version

30. By Sebastien Bacher

* debian/prefs.xml:
  - enable the standard logging options by default (lp: #180796)

29. By Iain Lane

* debian/patches/06_ssl_null_pointer_deref.patch:
  - Backport fix from upstream MTN to fix null pointer dereference leading
    to a crash. This can be dropped if and when we get 2.5.2. (LP: #265055)

28. By Sebastien Bacher

* New upstream version
* debian/patches/70_autoconf.patch:
  - new version update

27. By Sebastien Bacher

* debian/control:
  - build-depends on ca-certificates since the configure requires the
    directory to be there during the build

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/pidgin