ubuntu/+source/pidgin:applied/ubuntu/lucid-updates

Last commit made on 2013-02-25
Get this branch:
git clone -b applied/ubuntu/lucid-updates https://git.launchpad.net/ubuntu/+source/pidgin
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/lucid-updates
Repository:
lp:ubuntu/+source/pidgin

Recent commits

3b5057c... by Marc Deslauriers on 2013-02-21

Import patches-applied version 1:2.6.6-1ubuntu4.6 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 1076e90e378fc15ee7eb7b8c24f7935fd81e110c
Unapplied parent: 5e6a65bc975f92e94641b0f14451310696b365e0

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via long HTTP header in MXit
    - debian/patches/CVE-2013-0272.patch: properly check lengths in
      libpurple/protocols/mxit/http.c.
    - CVE-2013-0272
  * SECURITY UPDATE: denial of service via long user ID in Sametime
    - debian/patches/CVE-2013-0273.patch: use g_strlcpy in
      libpurple/protocols/sametime/sametime.c.
    - CVE-2013-0273
  * SECURITY UPDATE: denial of service via long UPnP responses
    - debian/patches/CVE-2013-0274.patch: use g_strlcpy in libpurple/upnp.c.
    - CVE-2013-0274

5e6a65b... by Marc Deslauriers on 2013-02-21

Import patches-unapplied version 1:2.6.6-1ubuntu4.6 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 0cb0bb0adceff199e128630b7ed7bfa7bd103095

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via long HTTP header in MXit
    - debian/patches/CVE-2013-0272.patch: properly check lengths in
      libpurple/protocols/mxit/http.c.
    - CVE-2013-0272
  * SECURITY UPDATE: denial of service via long user ID in Sametime
    - debian/patches/CVE-2013-0273.patch: use g_strlcpy in
      libpurple/protocols/sametime/sametime.c.
    - CVE-2013-0273
  * SECURITY UPDATE: denial of service via long UPnP responses
    - debian/patches/CVE-2013-0274.patch: use g_strlcpy in libpurple/upnp.c.
    - CVE-2013-0274

1076e90... by Tyler Hicks on 2012-07-08

Import patches-applied version 1:2.6.6-1ubuntu4.5 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 261f66efe52cac6af7c37ac539b4296f83fa5edc
Unapplied parent: 0cb0bb0adceff199e128630b7ed7bfa7bd103095

New changelog entries:
  * SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
    messages (LP: #958208)
    - debian/patches/98_CVE-2011-4601.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4601
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
    and video chat requests (LP: #958208)
    - debian/patches/98_CVE-2011-4602.patch: Validate fields in incoming voice
      and video chat requests. Based on upstream patch.
    - CVE-2011-4602
  * SECURITY UPDATE: Remote denial of service via specially crafted SILC
    messages (LP: #958208)
    - debian/patches/98_CVE-2011-4603.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4603
  * SECURITY UPDATE: Information disclosure
    - debian/patches/98_CVE-2011-4922.patch: Properly clear memory regions
      when freeing memory containing security-sensitive data. Based on
      upstream patch.
    - CVE-2011-4922
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    offline messages (LP: #958208)
    - debian/patches/98_CVE-2012-1178.patch: Convert incoming offline messages
      to UTF-8 if they are not already UTF-8. Based on upstream patch.
    - CVE-2012-1178
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/98_CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/98_CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374

0cb0bb0... by Tyler Hicks on 2012-07-08

Import patches-unapplied version 1:2.6.6-1ubuntu4.5 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: af5ff2faae7823586c686c3e29705cb0c3cb6a81

New changelog entries:
  * SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
    messages (LP: #958208)
    - debian/patches/98_CVE-2011-4601.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4601
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
    and video chat requests (LP: #958208)
    - debian/patches/98_CVE-2011-4602.patch: Validate fields in incoming voice
      and video chat requests. Based on upstream patch.
    - CVE-2011-4602
  * SECURITY UPDATE: Remote denial of service via specially crafted SILC
    messages (LP: #958208)
    - debian/patches/98_CVE-2011-4603.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4603
  * SECURITY UPDATE: Information disclosure
    - debian/patches/98_CVE-2011-4922.patch: Properly clear memory regions
      when freeing memory containing security-sensitive data. Based on
      upstream patch.
    - CVE-2011-4922
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    offline messages (LP: #958208)
    - debian/patches/98_CVE-2012-1178.patch: Convert incoming offline messages
      to UTF-8 if they are not already UTF-8. Based on upstream patch.
    - CVE-2012-1178
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/98_CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/98_CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374

261f66e... by Marc Deslauriers on 2011-11-18

Import patches-applied version 1:2.6.6-1ubuntu4.4 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: f18e21f02ac86dff4d05dde01bf341a015e31ad8
Unapplied parent: af5ff2faae7823586c686c3e29705cb0c3cb6a81

New changelog entries:
  * SECURITY UPDATE: denial of service in Yahoo! protocol via malormed
    YMSG message
    - debian/patches/97_CVE-2011-1091.patch: validate messages in
      libpurple/protocols/yahoo/libymsg.c.
    - CVE-2011-1091
  * SECURITY UPDATE: denial of service in MSN protocol via HTTP 100
    response size
    - debian/patches/97_CVE-2011-3184.patch: properly calculate size in
      libpurple/protocols/msn/httpconn.c.
    - CVE-2011-3184
  * SECURITY UPDATE: denial of service in SILC protocol via invalid UTF-8
    sequence
    - debian/patches/97_CVE-2011-3594.patch: properly handle utf-8 in
      libpurple/protocols/silc/ops.c.
    - CVE-2011-3594

af5ff2f... by Marc Deslauriers on 2011-11-18

Import patches-unapplied version 1:2.6.6-1ubuntu4.4 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: b168ffd19059842e8c3b55e9d835b15d254c76c2

New changelog entries:
  * SECURITY UPDATE: denial of service in Yahoo! protocol via malormed
    YMSG message
    - debian/patches/97_CVE-2011-1091.patch: validate messages in
      libpurple/protocols/yahoo/libymsg.c.
    - CVE-2011-1091
  * SECURITY UPDATE: denial of service in MSN protocol via HTTP 100
    response size
    - debian/patches/97_CVE-2011-3184.patch: properly calculate size in
      libpurple/protocols/msn/httpconn.c.
    - CVE-2011-3184
  * SECURITY UPDATE: denial of service in SILC protocol via invalid UTF-8
    sequence
    - debian/patches/97_CVE-2011-3594.patch: properly handle utf-8 in
      libpurple/protocols/silc/ops.c.
    - CVE-2011-3594

f18e21f... by Chris Coulson on 2010-12-13

Import patches-applied version 1:2.6.6-1ubuntu4.3 to applied/ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 01be0db90c1a9211218d2fbeb998a75be844486a
Unapplied parent: b168ffd19059842e8c3b55e9d835b15d254c76c2

New changelog entries:
  * Apply upstream patch related to ICQ server changes. Thanks to
    Stephen Leavitt for digging out the patch (LP: #683076)
    - add debian/patches/95_icq_server_split_fix.patch
    - add debian/patches/96_icq_server_migration.patch

b168ffd... by Chris Coulson on 2010-12-13

Import patches-unapplied version 1:2.6.6-1ubuntu4.3 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 5d91e0f8d98baac66d4f4e46d3daef2d7950b868

New changelog entries:
  * Apply upstream patch related to ICQ server changes. Thanks to
    Stephen Leavitt for digging out the patch (LP: #683076)
    - add debian/patches/95_icq_server_split_fix.patch
    - add debian/patches/96_icq_server_migration.patch

01be0db... by Roel Huybrechts on 2010-11-24

Import patches-applied version 1:2.6.6-1ubuntu4.2 to applied/ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: f71c791d61dfe445f1382a0e99d80ede65dd5bd5
Unapplied parent: 5d91e0f8d98baac66d4f4e46d3daef2d7950b868

New changelog entries:
  * debian/patches/workaround-msn-ssl-failure.patch: Workaround SSL
      connectivity issues with MSN (LP: #676972)

5d91e0f... by Roel Huybrechts on 2010-11-24

Import patches-unapplied version 1:2.6.6-1ubuntu4.2 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 1dd968bd39ea5962434e028fa519a04e7aa9187d

New changelog entries:
  * debian/patches/workaround-msn-ssl-failure.patch: Workaround SSL
      connectivity issues with MSN (LP: #676972)