ubuntu/+source/pidgin:applied/ubuntu/intrepid-security

Last commit made on 2010-02-22
Get this branch:
git clone -b applied/ubuntu/intrepid-security https://git.launchpad.net/ubuntu/+source/pidgin

Branch information

Name: applied/ubuntu/intrepid-security
Repository: lp:ubuntu/+source/pidgin

Recent commits

34076d1... by Marc Deslauriers on 2010-02-18

Import patches-applied version 1:2.5.2-0ubuntu1.7 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 231f17dcf0d46442759ff5b9a4fd496a8db23d67
Unapplied parent: 0bf8bebf7af7e13af7448d569ac8c70991b7ed82

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed SLP message
    - debian/patches/93_security_CVE-2010-0277.patch: validate input in
      libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
    - CVE-2010-0277
  * SECURITY UPDATE: denial of service via certain nicknames in Finch
    - debian/patches/93_security_CVE-2010-0420.patch: properly unescape
      text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
      libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
    - CVE-2010-0420
  * SECURITY UPDATE: denial of service via large number of smileys
    - debian/patches/93_security_CVE-2010-0423.patch: limit the number of
      smileys in pidgin/gtkimhtml.c.
    - CVE-2010-0423

0bf8beb... by Marc Deslauriers on 2010-02-18

Import patches-unapplied version 1:2.5.2-0ubuntu1.7 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: d4ea0b7fb6d6e3cd31b1c8137ff806c7afc6335d

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed SLP message
    - debian/patches/93_security_CVE-2010-0277.patch: validate input in
      libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
    - CVE-2010-0277
  * SECURITY UPDATE: denial of service via certain nicknames in Finch
    - debian/patches/93_security_CVE-2010-0420.patch: properly unescape
      text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
      libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
    - CVE-2010-0420
  * SECURITY UPDATE: denial of service via large number of smileys
    - debian/patches/93_security_CVE-2010-0423.patch: limit the number of
      smileys in pidgin/gtkimhtml.c.
    - CVE-2010-0423

231f17d... by Marc Deslauriers on 2010-01-14

Import patches-applied version 1:2.5.2-0ubuntu1.6 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: c00921423bc24de7f391c04e45b0ee20eadb1928
Unapplied parent: d4ea0b7fb6d6e3cd31b1c8137ff806c7afc6335d

New changelog entries:
  * SECURITY UPDATE: denial of service via TOPIC message
    - debian/patches/87_security_CVE-2009-2703.patch: validate args in
      libpurple/protocols/irc/msgs.c.
    - CVE-2009-2703
  * SECURITY UPDATE: information disclosure via incorrect jabber TLS
    handling
    - debian/patches/88_security_CVE-2009-3026.patch: bail out if
      encryption is not available in libpurple/protocols/jabber/auth.c.
    - CVE-2009-3026
  * SECURITY UPDATE: denial of service via malformed SLP invite message
    - debian/patches/89_security_CVE-2009-3083.patch: validate branch,
      content_type and content in libpurple/protocols/msn/slp.c.
    - CVE-2009-3083
  * SECURITY UPDATE: denial of service via XHTML-IM content with cid: images
    - debian/patches/90_security_CVE-2009-3085.patch: validate raw_data in
      libpurple/protocols/jabber/data.c.
    - CVE-2009-3085
  * SECURITY UPDATE: denial of service via crafted contact list data
    - debian/patches/91_security_CVE-2009-3615.patch: validate contact
      list structure in libpurple/protocols/oscar/oscar.c.
    - CVE-2009-3615
  * SECURITY UPDATE: directory traversal via custom smiley request
    (LP: #501089)
    - debian/patches/92_security_CVE-2010-0013.patch: ignore request for
      smileys that don't exist in the image store in
      libpurple/protocols/msn/slp.c, backport purple_strequal in
      libpurple/util.{c,h}.
    - CVE-2010-0013
  * WARNING: This package does not contain the changes from
    1:2.5.2-0ubuntu1.5 that is in intrepid-proposed.

d4ea0b7... by Marc Deslauriers on 2010-01-14

Import patches-unapplied version 1:2.5.2-0ubuntu1.6 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: e13ca73c96c5e855501fd4a1a01348a0ddc56d96

New changelog entries:
  * SECURITY UPDATE: denial of service via TOPIC message
    - debian/patches/87_security_CVE-2009-2703.patch: validate args in
      libpurple/protocols/irc/msgs.c.
    - CVE-2009-2703
  * SECURITY UPDATE: information disclosure via incorrect jabber TLS
    handling
    - debian/patches/88_security_CVE-2009-3026.patch: bail out if
      encryption is not available in libpurple/protocols/jabber/auth.c.
    - CVE-2009-3026
  * SECURITY UPDATE: denial of service via malformed SLP invite message
    - debian/patches/89_security_CVE-2009-3083.patch: validate branch,
      content_type and content in libpurple/protocols/msn/slp.c.
    - CVE-2009-3083
  * SECURITY UPDATE: denial of service via XHTML-IM content with cid: images
    - debian/patches/90_security_CVE-2009-3085.patch: validate raw_data in
      libpurple/protocols/jabber/data.c.
    - CVE-2009-3085
  * SECURITY UPDATE: denial of service via crafted contact list data
    - debian/patches/91_security_CVE-2009-3615.patch: validate contact
      list structure in libpurple/protocols/oscar/oscar.c.
    - CVE-2009-3615
  * SECURITY UPDATE: directory traversal via custom smiley request
    (LP: #501089)
    - debian/patches/92_security_CVE-2010-0013.patch: ignore request for
      smileys that don't exist in the image store in
      libpurple/protocols/msn/slp.c, backport purple_strequal in
      libpurple/util.{c,h}.
    - CVE-2010-0013
  * WARNING: This package does not contain the changes from
    1:2.5.2-0ubuntu1.5 that is in intrepid-proposed.

c009214... by Marc Deslauriers on 2009-08-19

Import patches-applied version 1:2.5.2-0ubuntu1.4 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 21619fc70fe380e625ff72203b70b42935590dca
Unapplied parent: e13ca73c96c5e855501fd4a1a01348a0ddc56d96

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted MSNSLP packet
    (LP: #415863)
    - debian/patches/86_security_CVE-2009-2694.patch: properly destroy
      slpmsg in libpurple/protocols/{msn,msnp9}/slplink.c.
    - CVE-2009-2694

e13ca73... by Marc Deslauriers on 2009-08-19

Import patches-unapplied version 1:2.5.2-0ubuntu1.4 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 19fb074622575ed6a0ca7ad73a13e6a171025d3f

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted MSNSLP packet
    (LP: #415863)
    - debian/patches/86_security_CVE-2009-2694.patch: properly destroy
      slpmsg in libpurple/protocols/{msn,msnp9}/slplink.c.
    - CVE-2009-2694

21619fc... by Marc Deslauriers on 2009-07-03

Import patches-applied version 1:2.5.2-0ubuntu1.3 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 4b32c1bc7e2c16fb7733b46f252867bb9c429eb4
Unapplied parent: 19fb074622575ed6a0ca7ad73a13e6a171025d3f

New changelog entries:
  * SECURITY UPDATE: denial of service via ICQWebMessage message type in
    OSCAR protocol. (LP: #393736)
    - debian/patches/85_security_CVE-2009-1889.patch: make the check better
      in libpurple/protocols/oscar/oscar.c, only allocate memory if len is
      valid in libpurple/protocols/oscar/bstream.c.
    - CVE-2009-1889

19fb074... by Marc Deslauriers on 2009-07-03

Import patches-unapplied version 1:2.5.2-0ubuntu1.3 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 9b1be1b6785b61ee0f57f03685435851104b2ce7

New changelog entries:
  * SECURITY UPDATE: denial of service via ICQWebMessage message type in
    OSCAR protocol. (LP: #393736)
    - debian/patches/85_security_CVE-2009-1889.patch: make the check better
      in libpurple/protocols/oscar/oscar.c, only allocate memory if len is
      valid in libpurple/protocols/oscar/bstream.c.
    - CVE-2009-1889

4b32c1b... by Marc Deslauriers on 2009-05-25

Import patches-applied version 1:2.5.2-0ubuntu1.2 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 9496956f1670ea8c8973909809f8a89a302ae4a8
Unapplied parent: 9b1be1b6785b61ee0f57f03685435851104b2ce7

New changelog entries:
  * SECURITY UPDATE: denial of service or possible code execution in XMPP
    file transfer
    - debian/patches/81_security_CVE-2009-1373.patch: calculate lengths
      correctly in libpurple/protocols/jabber/si.c.
    - CVE-2009-1373
  * SECURITY UPDATE: denial of service in the QQ protocol decryption
    handler
    - debian/patches/82_security_CVE-2009-1374.patch: make sure count64
      hasn't reached zero in libpurple/protocols/qq/qq_crypt.c.
    - CVE-2009-1374
  * SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
    - debian/patches/83_security_CVE-2009-1375.patch: add an additional
      check in libpurple/circbuffer.c.
    - CVE-2009-1375
  * SECURITY UPDATE: arbitrary code execution via crafted MSN message
    - debian/patches/84_security_CVE-2009-1376.patch: switch offset
      variable to guint64 in libpurple/protocols/msn/slplink.c.
    - CVE-2009-1376

9b1be1b... by Marc Deslauriers on 2009-05-25

Import patches-unapplied version 1:2.5.2-0ubuntu1.2 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: dbdd606eb6704d0f31a3b63e72f4198d0952a283

New changelog entries:
  * SECURITY UPDATE: denial of service or possible code execution in XMPP
    file transfer
    - debian/patches/81_security_CVE-2009-1373.patch: calculate lengths
      correctly in libpurple/protocols/jabber/si.c.
    - CVE-2009-1373
  * SECURITY UPDATE: denial of service in the QQ protocol decryption
    handler
    - debian/patches/82_security_CVE-2009-1374.patch: make sure count64
      hasn't reached zero in libpurple/protocols/qq/qq_crypt.c.
    - CVE-2009-1374
  * SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
    - debian/patches/83_security_CVE-2009-1375.patch: add an additional
      check in libpurple/circbuffer.c.
    - CVE-2009-1375
  * SECURITY UPDATE: arbitrary code execution via crafted MSN message
    - debian/patches/84_security_CVE-2009-1376.patch: switch offset
      variable to guint64 in libpurple/protocols/msn/slplink.c.
    - CVE-2009-1376