Ubuntu
pidgin package

ubuntu/+source/pidgin:applied/ubuntu/natty-security

  1. Git
  2. lp:ubuntu/+source/pidgin
  3. applied/ubuntu/natty-security
Last commit made on 2012-07-09
Get this branch:
git clone -b applied/ubuntu/natty-security https://git.launchpad.net/ubuntu/+source/pidgin
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/natty-security
Repository:
lp:ubuntu/+source/pidgin

Recent commits

7c7becb... by Tyler Hicks on 2012-07-08

Import patches-applied version 1:2.7.11-1ubuntu2.2 to applied/ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 15c428d9e679fe83c784ab79f1ad5220f74b5650
Unapplied parent: 1fc339922db6b176c54a39e747224f3a1cdd4851

New changelog entries:
  * SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
    messages (LP: #958208)
    - debian/patches/CVE-2011-4601.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4601
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
    and video chat requests (LP: #958208)
    - debian/patches/CVE-2011-4602.patch: Validate fields in incoming voice
      and video chat requests. Based on upstream patch.
    - CVE-2011-4602
  * SECURITY UPDATE: Remote denial of service via specially crafted SILC
    messages (LP: #958208)
    - debian/patches/CVE-2011-4603.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4603
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    offline messages (LP: #958208)
    - debian/patches/CVE-2012-1178.patch: Convert incoming offline messages to
      UTF-8 if they are not already UTF-8. Based on upstream patch.
    - CVE-2012-1178
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374

1fc3399... by Tyler Hicks on 2012-07-08

MXit buffer overflow

Gbp-Pq: CVE-2012-3374.patch.

f9a31e3... by Tyler Hicks on 2012-07-08

Fix a possible MSN remote crash

Gbp-Pq: CVE-2012-2318.patch.

a7f7dae... by Tyler Hicks on 2012-07-08

Fix remote crash in MSN offline instant messages

Gbp-Pq: CVE-2012-1178.patch.

5ab7e0c... by Tyler Hicks on 2012-07-08

Fix remote crash bug in SILC

Gbp-Pq: CVE-2011-4603.patch.

a19b508... by Tyler Hicks on 2012-07-08

Fix crashes when receiving crafted voice/video requests

Gbp-Pq: CVE-2011-4602.patch.

3ecc730... by Tyler Hicks on 2012-07-08

Fix remote crashes in AIM and ICQ

Gbp-Pq: CVE-2011-4601.patch.

6156d2a... by Tyler Hicks on 2012-07-08

fix denial of service in SILC protocol via invalid UTF-8 sequence

Gbp-Pq: 71_CVE-2011-3594.patch.

5509313... by Tyler Hicks on 2012-07-08

fix denial of service in MSN protocol via HTTP 100 response size

Gbp-Pq: 70_CVE-2011-3184.patch.

0555aa7... by Tyler Hicks on 2012-07-08

Upstream changes introduced in version 2.7.11-1ubuntu1

Gbp-Pq: debian-changes-2.7.11-1ubuntu1.