ubuntu/+source/pidgin:ubuntu/intrepid-updates

Last commit made on 2010-02-22
Get this branch:
git clone -b ubuntu/intrepid-updates https://git.launchpad.net/ubuntu/+source/pidgin
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/intrepid-updates
Repository:
lp:ubuntu/+source/pidgin

Recent commits

0bf8beb... by Marc Deslauriers on 2010-02-18

Import patches-unapplied version 1:2.5.2-0ubuntu1.7 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: d4ea0b7fb6d6e3cd31b1c8137ff806c7afc6335d

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed SLP message
    - debian/patches/93_security_CVE-2010-0277.patch: validate input in
      libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
    - CVE-2010-0277
  * SECURITY UPDATE: denial of service via certain nicknames in Finch
    - debian/patches/93_security_CVE-2010-0420.patch: properly unescape
      text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
      libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
    - CVE-2010-0420
  * SECURITY UPDATE: denial of service via large number of smileys
    - debian/patches/93_security_CVE-2010-0423.patch: limit the number of
      smileys in pidgin/gtkimhtml.c.
    - CVE-2010-0423

d4ea0b7... by Marc Deslauriers on 2010-01-14

Import patches-unapplied version 1:2.5.2-0ubuntu1.6 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: e13ca73c96c5e855501fd4a1a01348a0ddc56d96

New changelog entries:
  * SECURITY UPDATE: denial of service via TOPIC message
    - debian/patches/87_security_CVE-2009-2703.patch: validate args in
      libpurple/protocols/irc/msgs.c.
    - CVE-2009-2703
  * SECURITY UPDATE: information disclosure via incorrect jabber TLS
    handling
    - debian/patches/88_security_CVE-2009-3026.patch: bail out if
      encryption is not available in libpurple/protocols/jabber/auth.c.
    - CVE-2009-3026
  * SECURITY UPDATE: denial of service via malformed SLP invite message
    - debian/patches/89_security_CVE-2009-3083.patch: validate branch,
      content_type and content in libpurple/protocols/msn/slp.c.
    - CVE-2009-3083
  * SECURITY UPDATE: denial of service via XHTML-IM content with cid: images
    - debian/patches/90_security_CVE-2009-3085.patch: validate raw_data in
      libpurple/protocols/jabber/data.c.
    - CVE-2009-3085
  * SECURITY UPDATE: denial of service via crafted contact list data
    - debian/patches/91_security_CVE-2009-3615.patch: validate contact
      list structure in libpurple/protocols/oscar/oscar.c.
    - CVE-2009-3615
  * SECURITY UPDATE: directory traversal via custom smiley request
    (LP: #501089)
    - debian/patches/92_security_CVE-2010-0013.patch: ignore request for
      smileys that don't exist in the image store in
      libpurple/protocols/msn/slp.c, backport purple_strequal in
      libpurple/util.{c,h}.
    - CVE-2010-0013
  * WARNING: This package does not contain the changes from
    1:2.5.2-0ubuntu1.5 that is in intrepid-proposed.

e13ca73... by Marc Deslauriers on 2009-08-19

Import patches-unapplied version 1:2.5.2-0ubuntu1.4 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 19fb074622575ed6a0ca7ad73a13e6a171025d3f

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted MSNSLP packet
    (LP: #415863)
    - debian/patches/86_security_CVE-2009-2694.patch: properly destroy
      slpmsg in libpurple/protocols/{msn,msnp9}/slplink.c.
    - CVE-2009-2694

19fb074... by Marc Deslauriers on 2009-07-03

Import patches-unapplied version 1:2.5.2-0ubuntu1.3 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 9b1be1b6785b61ee0f57f03685435851104b2ce7

New changelog entries:
  * SECURITY UPDATE: denial of service via ICQWebMessage message type in
    OSCAR protocol. (LP: #393736)
    - debian/patches/85_security_CVE-2009-1889.patch: make the check better
      in libpurple/protocols/oscar/oscar.c, only allocate memory if len is
      valid in libpurple/protocols/oscar/bstream.c.
    - CVE-2009-1889

9b1be1b... by Marc Deslauriers on 2009-05-25

Import patches-unapplied version 1:2.5.2-0ubuntu1.2 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: dbdd606eb6704d0f31a3b63e72f4198d0952a283

New changelog entries:
  * SECURITY UPDATE: denial of service or possible code execution in XMPP
    file transfer
    - debian/patches/81_security_CVE-2009-1373.patch: calculate lengths
      correctly in libpurple/protocols/jabber/si.c.
    - CVE-2009-1373
  * SECURITY UPDATE: denial of service in the QQ protocol decryption
    handler
    - debian/patches/82_security_CVE-2009-1374.patch: make sure count64
      hasn't reached zero in libpurple/protocols/qq/qq_crypt.c.
    - CVE-2009-1374
  * SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
    - debian/patches/83_security_CVE-2009-1375.patch: add an additional
      check in libpurple/circbuffer.c.
    - CVE-2009-1375
  * SECURITY UPDATE: arbitrary code execution via crafted MSN message
    - debian/patches/84_security_CVE-2009-1376.patch: switch offset
      variable to guint64 in libpurple/protocols/msn/slplink.c.
    - CVE-2009-1376

dbdd606... by Didier Roche on 2009-03-10

Import patches-unapplied version 1:2.5.2-0ubuntu1.1 to ubuntu/intrepid-proposed

Imported using git-ubuntu import.

Changelog parent: a9300a8067792030cedbb6ebcaa2683afb57d59a

New changelog entries:
  * Apply patch upstream to fix connexion issue with new ICQ
    protocol: debian/patches/80_fix_ICQ_new_protocol.patch (LP: #340151)

a9300a8... by Sebastien Bacher on 2008-10-22

Import patches-unapplied version 1:2.5.2-0ubuntu1 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: 5f7b4281acf1050d13262b89504f7fda7737d84c

New changelog entries:
  * New upstream version
  * debian/patches/06_ssl_null_pointer_deref.patch:
    - the change is in the new version

5f7b428... by Sebastien Bacher on 2008-10-09

Import patches-unapplied version 1:2.5.1-0ubuntu3 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: e5216c81384d81e4ef3e24f346bff4f6b32b0b15

New changelog entries:
  * debian/prefs.xml:
    - enable the standard logging options by default (lp: #180796)

e5216c8... by Iain Lane on 2008-09-19

Import patches-unapplied version 1:2.5.1-0ubuntu2 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: b2f11c501e8bfcd6fbb95a426906aa18b63b9c49

New changelog entries:
  * debian/patches/06_ssl_null_pointer_deref.patch:
    - Backport fix from upstream MTN to fix null pointer defererence leading
      to a crash. This can be dropped if and when we get 2.5.2. (LP: #265055)

b2f11c5... by Sebastien Bacher on 2008-09-16

Import patches-unapplied version 1:2.5.1-0ubuntu1 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: ca18a7227713d74a2ddd17bda09e5575fff31025

New changelog entries:
  * New upstream version
  * debian/patches/70_autoconf.patch:
    - new version update