ubuntu/+source/pidgin:applied/ubuntu/gutsy-devel

Last commit made on 2009-03-10
Get this branch:
git clone -b applied/ubuntu/gutsy-devel https://git.launchpad.net/ubuntu/+source/pidgin
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/gutsy-devel
Repository:
lp:ubuntu/+source/pidgin

Recent commits

c603993... by Martin Pitt on 2009-03-10

Import patches-applied version 1:2.2.1-1ubuntu4.4 to applied/ubuntu/gutsy-proposed

Imported using git-ubuntu import.

Changelog parent: afc09a0ea4973d6d33424bd2e7a61bcafaf87db6
Unapplied parent: 9ae6a51008f7854922cb74b5ae759bdc1db21753

New changelog entries:
  * Add 80_fix_ICQ_new_protocol.patch: Backport upstream patch to fix
    connection with new ICQ protocol. (LP: #340151)

9ae6a51... by Martin Pitt on 2009-03-10

Import patches-unapplied version 1:2.2.1-1ubuntu4.4 to ubuntu/gutsy-proposed

Imported using git-ubuntu import.

Changelog parent: 2f37ca072409bdf529eb43d72f188dcc00cebe3e

New changelog entries:
  * Add 80_fix_ICQ_new_protocol.patch: Backport upstream patch to fix
    connection with new ICQ protocol. (LP: #340151)

afc09a0... by Marc Deslauriers on 2008-11-20

Import patches-applied version 1:2.2.1-1ubuntu4.3 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 9afe182d0c2725dcd549ee3be88dcc12714a9ec5
Unapplied parent: 2f37ca072409bdf529eb43d72f188dcc00cebe3e

New changelog entries:
  * SECURITY UPDATE: code execution via integer overflow in the MSN protocol
    handler (LP: #245770)
    - debian/patches/99_SECURITY_CVE-2008-2927.patch: fix
      msn_slplink_process_msg() in src/protocols/msn/slplink.c by checking
      against maximum size G_MAXSIZE.
    - CVE-2008-2927
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - debian/patches/99_SECURITY_CVE-2008-2955.patch: change
      src/protocols/msn/[slplink.c,slpcall.*] to make sure xfer structure still
      exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: denial of service via resource exhaustion from arbitrary
    URL in UPnP functionality (LP: #245769)
    - debian/patches/99_SECURITY_CVE-2008-2957.patch: modified
      libpurple/[upnp.c,util.*] to add purple_util_fetch_url_request_len() in
      order to limit http downloads to 128k.
    - CVE-2008-2957
  * SECURITY UPDATE: man in the middle attack from lack of certificate
    validation in nss plugin (LP: #251304)
    - debian/patches/99_SECURITY_CVE-2008-3532.patch: modified
      libpurple/plugins/ssl/ssl-nss.c to add certificate validation code.
    - CVE-2008-3532

2f37ca0... by Marc Deslauriers on 2008-11-20

Import patches-unapplied version 1:2.2.1-1ubuntu4.3 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 2abaf7b75e3f3275f77111ac1e9f84e06b2dd34d

New changelog entries:
  * SECURITY UPDATE: code execution via integer overflow in the MSN protocol
    handler (LP: #245770)
    - debian/patches/99_SECURITY_CVE-2008-2927.patch: fix
      msn_slplink_process_msg() in src/protocols/msn/slplink.c by checking
      against maximum size G_MAXSIZE.
    - CVE-2008-2927
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - debian/patches/99_SECURITY_CVE-2008-2955.patch: change
      src/protocols/msn/[slplink.c,slpcall.*] to make sure xfer structure still
      exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: denial of service via resource exhaustion from arbitrary
    URL in UPnP functionality (LP: #245769)
    - debian/patches/99_SECURITY_CVE-2008-2957.patch: modified
      libpurple/[upnp.c,util.*] to add purple_util_fetch_url_request_len() in
      order to limit http downloads to 128k.
    - CVE-2008-2957
  * SECURITY UPDATE: man in the middle attack from lack of certificate
    validation in nss plugin (LP: #251304)
    - debian/patches/99_SECURITY_CVE-2008-3532.patch: modified
      libpurple/plugins/ssl/ssl-nss.c to add certificate validation code.
    - CVE-2008-3532

9afe182... by Iain Lane on 2008-07-02

Import patches-applied version 1:2.2.1-1ubuntu4.2 to applied/ubuntu/gutsy-proposed

Imported using git-ubuntu import.

Changelog parent: 1137bf5cd89849c6b853617493260b17466c4ab7
Unapplied parent: 2abaf7b75e3f3275f77111ac1e9f84e06b2dd34d

New changelog entries:
  * Apply patch from upstream to fix issue where ICQ would not connect
    (LP: #244591)

2abaf7b... by Iain Lane on 2008-07-02

Import patches-unapplied version 1:2.2.1-1ubuntu4.2 to ubuntu/gutsy-proposed

Imported using git-ubuntu import.

Changelog parent: a9ebe8326c938c1c8e4817952b0173e570913cb1

New changelog entries:
  * Apply patch from upstream to fix issue where ICQ would not connect
    (LP: #244591)

1137bf5... by Stephan Ruegamer on 2007-11-26

Import patches-applied version 1:2.2.1-1ubuntu4.1 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: af79d2cc3774ba6b27eab98449388bef5ef982f9
Unapplied parent: a9ebe8326c938c1c8e4817952b0173e570913cb1

New changelog entries:
  * SECURITY UPDATE: (LP: #158400)
    + CVE-2007-4999: libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML
      logging, allows remote attackers to cause a denial of service (NULL
      dereference and application crash) via a message that contains invalid HTML
      data, a different vector than CVE-2007-4996.
  * debian/patches/99_CVE-2007-4999.patch:
    - Applied patch by upstream
    - Link: http://developer.pidgin.im/viewmtn/revision/diff/0810c68ce97a8213a5edbf5ffe7c1418915d3dfe/with/aff089bc73ecc6fe8ebbeac670db8be13511fcf4
  * References:
    CVE-2007-4999
    http://developer.pidgin.im/ticket/3436

a9ebe83... by Stephan Ruegamer on 2007-11-26

Import patches-unapplied version 1:2.2.1-1ubuntu4.1 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 7cda5891c40bff3e7cfc723608f96b76e724b3b7

New changelog entries:
  * SECURITY UPDATE: (LP: #158400)
    + CVE-2007-4999: libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML
      logging, allows remote attackers to cause a denial of service (NULL
      dereference and application crash) via a message that contains invalid HTML
      data, a different vector than CVE-2007-4996.
  * debian/patches/99_CVE-2007-4999.patch:
    - Applied patch by upstream
    - Link: http://developer.pidgin.im/viewmtn/revision/diff/0810c68ce97a8213a5edbf5ffe7c1418915d3dfe/with/aff089bc73ecc6fe8ebbeac670db8be13511fcf4
  * References:
    CVE-2007-4999
    http://developer.pidgin.im/ticket/3436

af79d2c... by Sebastien Bacher on 2007-10-10

Import patches-applied version 1:2.2.1-1ubuntu4 to applied/ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 93134a653a5b01ecb288778dbb29e209324e646b
Unapplied parent: 7cda5891c40bff3e7cfc723608f96b76e724b3b7

New changelog entries:
  * debian/patches/80_from_upstream_fix_irc_formatting_issue.patch:
    - patch from upstream, fix an IRC formatting issue
      (LP: #141201)

7cda589... by Sebastien Bacher on 2007-10-10

Import patches-unapplied version 1:2.2.1-1ubuntu4 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 986b01f62d3a1637b82674f70077b7e66c8f68ef

New changelog entries:
  * debian/patches/80_from_upstream_fix_irc_formatting_issue.patch:
    - patch from upstream, fix an IRC formatting issue
      (LP: #141201)