ubuntu/+source/pidgin:applied/ubuntu/hardy-devel

Last commit made on 2010-11-04
Get this branch:
git clone -b applied/ubuntu/hardy-devel https://git.launchpad.net/ubuntu/+source/pidgin
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/hardy-devel
Repository:
lp:ubuntu/+source/pidgin

Recent commits

2642c2e... by Marc Deslauriers on 2010-11-03

Import patches-applied version 1:2.4.1-1ubuntu2.10 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 449a17e2d81e55d8149459c74fd6df37a4679ec7
Unapplied parent: 673173fed2b22695c5a2cf411cb3fdd3f7947871

New changelog entries:
  * SECURITY UPDATE: denial of service via custom emoticon
    - debian/patches/94_security_CVE-2010-1624.patch: make sure body is
      valid in libpurple/protocols/{msn,msnp9}/slp.c.
    - CVE-2010-1624
  * SECURITY UPDATE: denial of service via base64 decoding (LP: #666998)
    - debian/patches/94_security_CVE-2010-3711.patch: correctly handle
      purple_base64_decode return codes in libpurple/ntlm.c,
      libpurple/protocols/{jabber/auth.c,msn/slp.c,msnp9/slp.c,
      myspace/message.c,yahoo/yahoo.c}.
    - CVE-2010-3711

673173f... by Marc Deslauriers on 2010-11-03

Import patches-unapplied version 1:2.4.1-1ubuntu2.10 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: a8de9d26e08d3d1169cf5f50625e84cb1f014648

New changelog entries:
  * SECURITY UPDATE: denial of service via custom emoticon
    - debian/patches/94_security_CVE-2010-1624.patch: make sure body is
      valid in libpurple/protocols/{msn,msnp9}/slp.c.
    - CVE-2010-1624
  * SECURITY UPDATE: denial of service via base64 decoding (LP: #666998)
    - debian/patches/94_security_CVE-2010-3711.patch: correctly handle
      purple_base64_decode return codes in libpurple/ntlm.c,
      libpurple/protocols/{jabber/auth.c,msn/slp.c,msnp9/slp.c,
      myspace/message.c,yahoo/yahoo.c}.
    - CVE-2010-3711

449a17e... by Marc Deslauriers on 2010-02-18

Import patches-applied version 1:2.4.1-1ubuntu2.9 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 939e48b8e90c69670875a87b32e9de9b1fb3e740
Unapplied parent: a8de9d26e08d3d1169cf5f50625e84cb1f014648

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed SLP message
    - debian/patches/94_security_CVE-2010-0277.patch: validate input in
      libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
    - CVE-2010-0277
  * SECURITY UPDATE: denial of service via certain nicknames in Finch
    - debian/patches/94_security_CVE-2010-0420.patch: properly unescape
      text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
      libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
    - CVE-2010-0420
  * SECURITY UPDATE: denial of service via large number of smileys
    - debian/patches/94_security_CVE-2010-0423.patch: limit the number of
      smileys in pidgin/gtkimhtml.c.
    - CVE-2010-0423

a8de9d2... by Marc Deslauriers on 2010-02-18

Import patches-unapplied version 1:2.4.1-1ubuntu2.9 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 10ed15e4a157176750068740791b1eeca3d9c494

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed SLP message
    - debian/patches/94_security_CVE-2010-0277.patch: validate input in
      libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
    - CVE-2010-0277
  * SECURITY UPDATE: denial of service via certain nicknames in Finch
    - debian/patches/94_security_CVE-2010-0420.patch: properly unescape
      text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
      libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
    - CVE-2010-0420
  * SECURITY UPDATE: denial of service via large number of smileys
    - debian/patches/94_security_CVE-2010-0423.patch: limit the number of
      smileys in pidgin/gtkimhtml.c.
    - CVE-2010-0423

939e48b... by Marc Deslauriers on 2010-01-15

Import patches-applied version 1:2.4.1-1ubuntu2.8 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 6aa89ca1eba281e79a0c9dde2f804893e186e662
Unapplied parent: 10ed15e4a157176750068740791b1eeca3d9c494

New changelog entries:
  * SECURITY UPDATE: denial of service via TOPIC message
    - debian/patches/87_security_CVE-2009-2703.patch: validate args in
      libpurple/protocols/irc/msgs.c.
    - CVE-2009-2703
  * SECURITY UPDATE: information disclosure via incorrect jabber TLS
    handling
    - debian/patches/88_security_CVE-2009-3026.patch: bail out if
      encryption is not available in libpurple/protocols/jabber/auth.c.
    - CVE-2009-3026
  * SECURITY UPDATE: denial of service via malformed SLP invite message
    - debian/patches/89_security_CVE-2009-3083.patch: validate branch,
      content_type and content in libpurple/protocols/msn/slp.c and
      libpurple/protocols/msnp9/slp.c.
    - CVE-2009-3083
  * SECURITY UPDATE: denial of service via crafted contact list data
    - debian/patches/90_security_CVE-2009-3615.patch: validate contact
      list structure in libpurple/protocols/oscar/oscar.c.
    - CVE-2009-3615
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - previous 72_SECURITY_CVE-2008-2955.patch patch was incomplete
    - debian/patches/91_security_CVE-2008-2955-2.patch: change
      src/protocols/msnp9/[slplink.c,slpcall.*] to make sure xfer structure
      still exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: arbitrary code execution via crafted MSN message
    - previous 83_security_CVE-2009-1376.patch patch was incomplete
    - debian/patches/92_security_CVE-2009-1376-2.patch: switch offset
      variable to guint64 in libpurple/protocols/msnp9/slplink.c.
    - CVE-2009-1376
  * Fix connection issue with MSN (LP: #494002)
    - debian/patches/93_msn_protocol8.patch: use protocol v8 in
      libpurple/protocols/msnp9/session.c, as it seems v9 isn't supported
      by msn anymore.

10ed15e... by Marc Deslauriers on 2010-01-15

Import patches-unapplied version 1:2.4.1-1ubuntu2.8 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: faeb93998f5ad1ca5a3f1317d3b697a8e9f844f5

New changelog entries:
  * SECURITY UPDATE: denial of service via TOPIC message
    - debian/patches/87_security_CVE-2009-2703.patch: validate args in
      libpurple/protocols/irc/msgs.c.
    - CVE-2009-2703
  * SECURITY UPDATE: information disclosure via incorrect jabber TLS
    handling
    - debian/patches/88_security_CVE-2009-3026.patch: bail out if
      encryption is not available in libpurple/protocols/jabber/auth.c.
    - CVE-2009-3026
  * SECURITY UPDATE: denial of service via malformed SLP invite message
    - debian/patches/89_security_CVE-2009-3083.patch: validate branch,
      content_type and content in libpurple/protocols/msn/slp.c and
      libpurple/protocols/msnp9/slp.c.
    - CVE-2009-3083
  * SECURITY UPDATE: denial of service via crafted contact list data
    - debian/patches/90_security_CVE-2009-3615.patch: validate contact
      list structure in libpurple/protocols/oscar/oscar.c.
    - CVE-2009-3615
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - previous 72_SECURITY_CVE-2008-2955.patch patch was incomplete
    - debian/patches/91_security_CVE-2008-2955-2.patch: change
      src/protocols/msnp9/[slplink.c,slpcall.*] to make sure xfer structure
      still exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: arbitrary code execution via crafted MSN message
    - previous 83_security_CVE-2009-1376.patch patch was incomplete
    - debian/patches/92_security_CVE-2009-1376-2.patch: switch offset
      variable to guint64 in libpurple/protocols/msnp9/slplink.c.
    - CVE-2009-1376
  * Fix connection issue with MSN (LP: #494002)
    - debian/patches/93_msn_protocol8.patch: use protocol v8 in
      libpurple/protocols/msnp9/session.c, as it seems v9 isn't supported
      by msn anymore.

6aa89ca... by Chris Coulson on 2009-10-30

Import patches-applied version 1:2.4.1-1ubuntu2.7 to applied/ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 3667e9395bc67d912c6dc13aef300f67a3e88d3b
Unapplied parent: faeb93998f5ad1ca5a3f1317d3b697a8e9f844f5

New changelog entries:
  * debian/patches/86_yahoo_protocol_fix.patch:
    - Backport upstream changes to use version 16 of the Yahoo!
      Messenger Protocol. The old authentication mechanism was
      disabled, meaning that it can no longer be used for signing in
      to Yahoo! services (LP: #389322)

faeb939... by Chris Coulson on 2009-10-30

Import patches-unapplied version 1:2.4.1-1ubuntu2.7 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: dd3cab1f8ec8d9f80893b202e9bd8f22af3337ee

New changelog entries:
  * debian/patches/86_yahoo_protocol_fix.patch:
    - Backport upstream changes to use version 16 of the Yahoo!
      Messenger Protocol. The old authentication mechanism was
      disabled, meaning that it can no longer be used for signing in
      to Yahoo! services (LP: #389322)

3667e93... by Marc Deslauriers on 2009-08-19

Import patches-applied version 1:2.4.1-1ubuntu2.6 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 96dbd7c31d5be5800e67b345a0d317f192d1481b
Unapplied parent: dd3cab1f8ec8d9f80893b202e9bd8f22af3337ee

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted MSNSLP packet
     (LP: #415863)
    - debian/patches/85_security_CVE-2009-2694.patch: properly destroy
      slpmsg in libpurple/protocols/{msn,msnp9}/slplink.c.
    - CVE-2009-2694

dd3cab1... by Marc Deslauriers on 2009-08-19

Import patches-unapplied version 1:2.4.1-1ubuntu2.6 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: a32b16d6fc4dd07c2b3e2cf635bd2dfb75d6a683

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted MSNSLP packet
     (LP: #415863)
    - debian/patches/85_security_CVE-2009-2694.patch: properly destroy
      slpmsg in libpurple/protocols/{msn,msnp9}/slplink.c.
    - CVE-2009-2694