ubuntu/+source/pidgin:applied/ubuntu/jaunty-updates

Last commit made on 2010-02-22
Get this branch:
git clone -b applied/ubuntu/jaunty-updates https://git.launchpad.net/ubuntu/+source/pidgin
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
applied/ubuntu/jaunty-updates
Repository:
lp:ubuntu/+source/pidgin

Recent commits

2ca5e5a... by Marc Deslauriers on 2010-02-18

Import patches-applied version 1:2.5.5-1ubuntu8.6 to applied/ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 0a14e092f425b8e9bb088fc7da25a6a5337522b1
Unapplied parent: ca715f0091a79c0fc2a4efc5b31cda2bbfaef3ca

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed SLP message
    - debian/patches/85_security_CVE-2010-0277.patch: validate input in
      libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
    - CVE-2010-0277
  * SECURITY UPDATE: denial of service via certain nicknames in Finch
    - debian/patches/86_security_CVE-2010-0420.patch: properly unescape
      text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
      libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
    - CVE-2010-0420
  * SECURITY UPDATE: denial of service via large number of smileys
    - debian/patches/87_security_CVE-2010-0423.patch: limit the number of
      smileys in pidgin/gtkimhtml.c.
    - CVE-2010-0423

ca715f0... by Marc Deslauriers on 2010-02-18

Import patches-unapplied version 1:2.5.5-1ubuntu8.6 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: baf18c933dc975091bd97c3b0cfd29b6a7d66dca

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed SLP message
    - debian/patches/85_security_CVE-2010-0277.patch: validate input in
      libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
    - CVE-2010-0277
  * SECURITY UPDATE: denial of service via certain nicknames in Finch
    - debian/patches/86_security_CVE-2010-0420.patch: properly unescape
      text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
      libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
    - CVE-2010-0420
  * SECURITY UPDATE: denial of service via large number of smileys
    - debian/patches/87_security_CVE-2010-0423.patch: limit the number of
      smileys in pidgin/gtkimhtml.c.
    - CVE-2010-0423

0a14e09... by Marc Deslauriers on 2010-01-14

Import patches-applied version 1:2.5.5-1ubuntu8.5 to applied/ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: ad04469129834ff795fd6ddc51cd77615bed4af2
Unapplied parent: baf18c933dc975091bd97c3b0cfd29b6a7d66dca

New changelog entries:
  * SECURITY UPDATE: denial of service via TOPIC message
    - debian/patches/79_security_CVE-2009-2703.patch: validate args in
      libpurple/protocols/irc/msgs.c.
    - CVE-2009-2703
  * SECURITY UPDATE: information disclosure via incorrect jabber TLS
    handling
    - debian/patches/80_security_CVE-2009-3026.patch: bail out if
      encryption is not available in libpurple/protocols/jabber/auth.c.
    - CVE-2009-3026
  * SECURITY UPDATE: denial of service via malformed SLP invite message
    - debian/patches/81_security_CVE-2009-3083.patch: validate branch,
      content_type and content in libpurple/protocols/msn/slp.c.
    - CVE-2009-3083
  * SECURITY UPDATE: denial of service via XHTML-IM content with cid: images
    - debian/patches/82_security_CVE-2009-3085.patch: validate raw_data in
      libpurple/protocols/jabber/data.c.
    - CVE-2009-3085
  * SECURITY UPDATE: denial of service via crafted contact list data
    - debian/patches/83_security_CVE-2009-3615.patch: validate contact
      list structure in libpurple/protocols/oscar/oscar.c.
    - CVE-2009-3615
  * SECURITY UPDATE: directory traversal via custom smiley request
    (LP: #501089)
    - debian/patches/84_security_CVE-2010-0013.patch: ignore request for
      smileys that don't exist in the image store in
      libpurple/protocols/msn/slp.c, backport purple_strequal in
      libpurple/util.{c,h}.
    - CVE-2010-0013

baf18c9... by Marc Deslauriers on 2010-01-14

Import patches-unapplied version 1:2.5.5-1ubuntu8.5 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 375e3de6fc0e195388e8f8e4602924383c5fd2ae

New changelog entries:
  * SECURITY UPDATE: denial of service via TOPIC message
    - debian/patches/79_security_CVE-2009-2703.patch: validate args in
      libpurple/protocols/irc/msgs.c.
    - CVE-2009-2703
  * SECURITY UPDATE: information disclosure via incorrect jabber TLS
    handling
    - debian/patches/80_security_CVE-2009-3026.patch: bail out if
      encryption is not available in libpurple/protocols/jabber/auth.c.
    - CVE-2009-3026
  * SECURITY UPDATE: denial of service via malformed SLP invite message
    - debian/patches/81_security_CVE-2009-3083.patch: validate branch,
      content_type and content in libpurple/protocols/msn/slp.c.
    - CVE-2009-3083
  * SECURITY UPDATE: denial of service via XHTML-IM content with cid: images
    - debian/patches/82_security_CVE-2009-3085.patch: validate raw_data in
      libpurple/protocols/jabber/data.c.
    - CVE-2009-3085
  * SECURITY UPDATE: denial of service via crafted contact list data
    - debian/patches/83_security_CVE-2009-3615.patch: validate contact
      list structure in libpurple/protocols/oscar/oscar.c.
    - CVE-2009-3615
  * SECURITY UPDATE: directory traversal via custom smiley request
    (LP: #501089)
    - debian/patches/84_security_CVE-2010-0013.patch: ignore request for
      smileys that don't exist in the image store in
      libpurple/protocols/msn/slp.c, backport purple_strequal in
      libpurple/util.{c,h}.
    - CVE-2010-0013

ad04469... by Marc Deslauriers on 2009-08-19

Import patches-applied version 1:2.5.5-1ubuntu8.4 to applied/ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: a99012255cb45b155481d62c3404e599585418c3
Unapplied parent: 375e3de6fc0e195388e8f8e4602924383c5fd2ae

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted MSNSLP packet
    (LP: #415863)
    - debian/patches/78_security_CVE-2009-2694.patch: properly destroy
      slpmsg in libpurple/protocols/{msn,msnp9}/slplink.c.
    - CVE-2009-2694

375e3de... by Marc Deslauriers on 2009-08-19

Import patches-unapplied version 1:2.5.5-1ubuntu8.4 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 0727c238b05daeebb362b16554da33b12adf6bd0

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted MSNSLP packet
    (LP: #415863)
    - debian/patches/78_security_CVE-2009-2694.patch: properly destroy
      slpmsg in libpurple/protocols/{msn,msnp9}/slplink.c.
    - CVE-2009-2694

a990122... by Marc Deslauriers on 2009-07-03

Import patches-applied version 1:2.5.5-1ubuntu8.3 to applied/ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 1643042388ba29afbf314bf45f8e3c060867d008
Unapplied parent: 0727c238b05daeebb362b16554da33b12adf6bd0

New changelog entries:
  * SECURITY UPDATE: denial of service via ICQWebMessage message type in
    OSCAR protocol. (LP: #393736)
    - debian/patches/77_security_CVE-2009-1889.patch: make the check better
      in libpurple/protocols/oscar/oscar.c, only allocate memory if len is
      valid in libpurple/protocols/oscar/bstream.c.
    - CVE-2009-1889

0727c23... by Marc Deslauriers on 2009-07-03

Import patches-unapplied version 1:2.5.5-1ubuntu8.3 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: ccb89420dae9b8431b2706812820739139d54116

New changelog entries:
  * SECURITY UPDATE: denial of service via ICQWebMessage message type in
    OSCAR protocol. (LP: #393736)
    - debian/patches/77_security_CVE-2009-1889.patch: make the check better
      in libpurple/protocols/oscar/oscar.c, only allocate memory if len is
      valid in libpurple/protocols/oscar/bstream.c.
    - CVE-2009-1889

1643042... by Iain Lane on 2009-06-25

Import patches-applied version 1:2.5.5-1ubuntu8.2 to applied/ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: 0d38a3bb2ca607aaa4dffe0f7c8ff9f76adbb4fd
Unapplied parent: ccb89420dae9b8431b2706812820739139d54116

New changelog entries:
  * debian/patches/50_yahoo_16_auth.patch: Add patch backported from upstream
    version 2.5.7 to fix connection problems connecting to Yahoo! instant
    messenger. Previous versions of pidgin were using an old authentication
    method which was disabled by Yahoo!. This patch switches to using the new
    authentication method, version 16. (LP: #389322) References:
    - http://theflamingbanker.blogspot.com/2009/06/some-clarification-on-yahoo-issues.html
    - http://developer.pidgin.im/ticket/8853

ccb8942... by Iain Lane on 2009-06-25

Import patches-unapplied version 1:2.5.5-1ubuntu8.2 to ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: 589abef10b6014706971c8610e03cc466e82d7a2

New changelog entries:
  * debian/patches/50_yahoo_16_auth.patch: Add patch backported from upstream
    version 2.5.7 to fix connection problems connecting to Yahoo! instant
    messenger. Previous versions of pidgin were using an old authentication
    method which was disabled by Yahoo!. This patch switches to using the new
    authentication method, version 16. (LP: #389322) References:
    - http://theflamingbanker.blogspot.com/2009/06/some-clarification-on-yahoo-issues.html
    - http://developer.pidgin.im/ticket/8853