ubuntu/+source/pidgin:applied/ubuntu/quantal-updates

Last commit made on 2014-02-06
Get this branch:
git clone -b applied/ubuntu/quantal-updates https://git.launchpad.net/ubuntu/+source/pidgin
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: applied/ubuntu/quantal-updates
Repository: lp:ubuntu/+source/pidgin

Recent commits

cd88e44... by Marc Deslauriers on 2014-02-05

Import patches-applied version 1:2.10.6-0ubuntu2.3 to applied/ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 2ba490b057d78b734be59f1ed7dcf290d49dfdca
Unapplied parent: f777cd40c87cd3f6420e7aa4767315aed47bb023

New changelog entries:
  * SECURITY UPDATE: remote crash in yahoo via incorrect char encoding
    - debian/patches/CVE-2012-6152.patch: validate strings as utf-8
      before parsing in libpurple/protocols/yahoo/{libymsg,yahoo_aliases,
      yahoo_filexfer,yahoo_friend,yahoo_picture,yahoochat}.c.
    - CVE-2012-6152
  * SECURITY UPDATE: crash via bad XMPP timestamp
    - debian/patches/CVE-2013-6477.patch: properly handle invalid
      timestamps in libpurple/{conversation,log,server}.c.
    - CVE-2013-6477
  * SECURITY UPDATE: crash via hovering pointer over long URL
    - debian/patches/CVE-2013-6478.patch: set max lengths in
      pidgin/gtkimhtml.c.
    - CVE-2013-6478
  * SECURITY UPDATE: remote crash via HTTP response parsing
    - debian/patches/CVE-2013-6479.patch: don't implicitly trust
      Content-Length in libpurple/util.c.
    - CVE-2013-6479
  * SECURITY UPDATE: remote crash via yahoo P2P message
    - debian/patches/CVE-2013-6481.patch: perform bounds checking in
      libpurple/protocols/yahoo/libymsg.c.
    - CVE-2013-6481
  * SECURITY UPDATE: crashes via MSN NULL pointer dereferences
    - debian/patches/CVE-2013-6482.patch: fix NULL pointers in
      libpurple/protocols/msn/{msg,oim,soap}.c.
    - CVE-2013-6482
  * SECURITY UPDATE: iq reply spoofing via incorrect from verification
    - debian/patches/CVE-2013-6483.patch: verify from field on iq replies
      in libpurple/protocols/jabber/{iq.*,jabber.c,jutil.*}.
    - CVE-2013-6483
  * SECURITY UPDATE: crash via response from STUN server
    - debian/patches/CVE-2013-6484.patch: validate len in libpurple/stun.c.
    - CVE-2013-6484
  * SECURITY UPDATE: buffer overflow in chunked HTTP response parsing
    - debian/patches/CVE-2013-6485.patch: limit chunk size in
      libpurple/util.c.
    - CVE-2013-6485
  * SECURITY UPDATE: buffer overflow in gadu-gadu HTTP parsing
    - debian/patches/CVE-2013-6487.patch: limit length in
      libpurple/protocols/gg/lib/http.c.
    - CVE-2013-6487
  * SECURITY UPDATE: buffer overflow in MXit emoticon parsing
    - debian/patches/CVE-2013-6489.patch: check return code in
      libpurple/protocols/mxit/markup.c.
    - CVE-2013-6489
  * SECURITY UPDATE: buffer overflow in SIMPLE header parsing
    - debian/patches/CVE-2013-6490.patch: use g_new in
      libpurple/protocols/simple/simple.c and check length in
      libpurple/protocols/simple/sipmsg.c.
    - CVE-2013-6490
  * SECURITY UPDATE: crash via IRC argument parsing
    - debian/patches/CVE-2014-0020.patch: fix arg handling in
      libpurple/protocols/irc/msgs.c, fix counts in
      libpurple/protocols/irc/parse.c.
    - CVE-2014-0020

f777cd4... by Marc Deslauriers on 2014-02-05

fix crash via IRC argument parsing

Gbp-Pq: CVE-2014-0020.patch.

e9b8f44... by Marc Deslauriers on 2014-02-05

CVE-2013-6490.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2013-6490.patch.

d0f7fc7... by Marc Deslauriers on 2014-02-05

CVE-2013-6489.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2013-6489.patch.

757bf8f... by Marc Deslauriers on 2014-02-05

CVE-2013-6487.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2013-6487.patch.

6b82acd... by Marc Deslauriers on 2014-02-05

CVE-2013-6485.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2013-6485.patch.

794fe97... by Marc Deslauriers on 2014-02-05

CVE-2013-6484.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2013-6484.patch.

da023c3... by Marc Deslauriers on 2014-02-05

fix iq reply spoofing via incorrect from verification

Gbp-Pq: CVE-2013-6483.patch.

9117301... by Marc Deslauriers on 2014-02-05

fix crashes via MSN NULL pointer dereferences

Gbp-Pq: CVE-2013-6482.patch.

fb9ff52... by Marc Deslauriers on 2014-02-05

CVE-2013-6481.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2013-6481.patch.