ubuntu/+source/pidgin:ubuntu/lucid-updates

Last commit made on 2013-02-25
Get this branch:
git clone -b ubuntu/lucid-updates https://git.launchpad.net/ubuntu/+source/pidgin
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/lucid-updates
Repository:
lp:ubuntu/+source/pidgin

Recent commits

5e6a65b... by Marc Deslauriers on 2013-02-21

Import patches-unapplied version 1:2.6.6-1ubuntu4.6 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 0cb0bb0adceff199e128630b7ed7bfa7bd103095

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via long HTTP header in MXit
    - debian/patches/CVE-2013-0272.patch: properly check lengths in
      libpurple/protocols/mxit/http.c.
    - CVE-2013-0272
  * SECURITY UPDATE: denial of service via long user ID in Sametime
    - debian/patches/CVE-2013-0273.patch: use g_strlcpy in
      libpurple/protocols/sametime/sametime.c.
    - CVE-2013-0273
  * SECURITY UPDATE: denial of service via long UPnP responses
    - debian/patches/CVE-2013-0274.patch: use g_strlcpy in libpurple/upnp.c.
    - CVE-2013-0274

0cb0bb0... by Tyler Hicks on 2012-07-08

Import patches-unapplied version 1:2.6.6-1ubuntu4.5 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: af5ff2faae7823586c686c3e29705cb0c3cb6a81

New changelog entries:
  * SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
    messages (LP: #958208)
    - debian/patches/98_CVE-2011-4601.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4601
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
    and video chat requests (LP: #958208)
    - debian/patches/98_CVE-2011-4602.patch: Validate fields in incoming voice
      and video chat requests. Based on upstream patch.
    - CVE-2011-4602
  * SECURITY UPDATE: Remote denial of service via specially crafted SILC
    messages (LP: #958208)
    - debian/patches/98_CVE-2011-4603.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4603
  * SECURITY UPDATE: Information disclosure
    - debian/patches/98_CVE-2011-4922.patch: Properly clear memory regions
      when freeing memory containing security-sensitive data. Based on
      upstream patch.
    - CVE-2011-4922
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    offline messages (LP: #958208)
    - debian/patches/98_CVE-2012-1178.patch: Convert incoming offline messages
      to UTF-8 if they are not already UTF-8. Based on upstream patch.
    - CVE-2012-1178
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/98_CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/98_CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374

af5ff2f... by Marc Deslauriers on 2011-11-18

Import patches-unapplied version 1:2.6.6-1ubuntu4.4 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: b168ffd19059842e8c3b55e9d835b15d254c76c2

New changelog entries:
  * SECURITY UPDATE: denial of service in Yahoo! protocol via malormed
    YMSG message
    - debian/patches/97_CVE-2011-1091.patch: validate messages in
      libpurple/protocols/yahoo/libymsg.c.
    - CVE-2011-1091
  * SECURITY UPDATE: denial of service in MSN protocol via HTTP 100
    response size
    - debian/patches/97_CVE-2011-3184.patch: properly calculate size in
      libpurple/protocols/msn/httpconn.c.
    - CVE-2011-3184
  * SECURITY UPDATE: denial of service in SILC protocol via invalid UTF-8
    sequence
    - debian/patches/97_CVE-2011-3594.patch: properly handle utf-8 in
      libpurple/protocols/silc/ops.c.
    - CVE-2011-3594

b168ffd... by Chris Coulson on 2010-12-13

Import patches-unapplied version 1:2.6.6-1ubuntu4.3 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 5d91e0f8d98baac66d4f4e46d3daef2d7950b868

New changelog entries:
  * Apply upstream patch related to ICQ server changes. Thanks to
    Stephen Leavitt for digging out the patch (LP: #683076)
    - add debian/patches/95_icq_server_split_fix.patch
    - add debian/patches/96_icq_server_migration.patch

5d91e0f... by Roel Huybrechts on 2010-11-24

Import patches-unapplied version 1:2.6.6-1ubuntu4.2 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 1dd968bd39ea5962434e028fa519a04e7aa9187d

New changelog entries:
  * debian/patches/workaround-msn-ssl-failure.patch: Workaround SSL
      connectivity issues with MSN (LP: #676972)

1dd968b... by Marc Deslauriers on 2010-11-03

Import patches-unapplied version 1:2.6.6-1ubuntu4.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 70df5659d88fb839f3500cb9b1c159692b1fc6e7

New changelog entries:
  * SECURITY UPDATE: denial of service via custom emoticon
    - debian/patches/93_CVE-2010-1624.patch: make sure body is valid in
      libpurple/protocols/msn/slp.c.
    - CVE-2010-1624
  * SECURITY UPDATE: denial of service via base64 decoding (LP: #666998)
    - debian/patches/94_CVE-2010-3711.patch: correctly handle
      purple_base64_decode return codes in libpurple/ntlm.c,
      libpurple/plugins/perl/common/Util.xs,
      libpurple/protocols/{jabber/auth_digest_md5.c,msn/slp.c,
      myspace/message.c,oscar/clientlogin.c,qq/im.c,yahoo/libymsg.c}.
    - CVE-2010-3711

70df565... by Marc Deslauriers on 2010-03-09

Import patches-unapplied version 1:2.6.6-1ubuntu4 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: 7ba6fc52dc46f07d6ea411b2abd16da9538213f0

New changelog entries:
  * debian/patches/92_gtkstatusicon_blink.patch: add blink support to
    GtkStatusIcon backport.
  * debian/patches/62_tray_icon_size_kde.patch: removed as no longer
    needed with GtkStatusIcon support.

7ba6fc5... by Marc Deslauriers on 2010-03-06

Import patches-unapplied version 1:2.6.6-1ubuntu3 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: cfea5c2bb57512328f2bacbc3264c0373a7f9b98

New changelog entries:
  * debian/patches/91_gtkstatusicon_backport.patch: backport GtkStatusIcon
    support to get proper icon transparency with new default theme.
    (LP: #532789)
  * debian/pidgin-data.links: symlink pixmaps to location GtkStatusIcon
    expects them to be.

cfea5c2... by Sebastien Bacher on 2010-02-23

Import patches-unapplied version 1:2.6.6-1ubuntu2 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: 37af1b7a84a843709fe94ac80c05342e34a8b11f

New changelog entries:
  * debian/patches/90_icq_login_fix.patch:
    - upstream change to fix aim and icq login issues when clientlogin is used
      which is the case in empathy by default (lp: #524221, #526146)

37af1b7... by Sebastien Bacher on 2010-02-18

Import patches-unapplied version 1:2.6.6-1ubuntu1 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: cab8d1876206b8325dc69bf227f100998ba5e87f

New changelog entries:
  * Resync on Debian