ubuntu/+source/pidgin:ubuntu/precise-devel

Last commit made on 2017-03-14
Get this branch:
git clone -b ubuntu/precise-devel https://git.launchpad.net/ubuntu/+source/pidgin
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/precise-devel
Repository:
lp:ubuntu/+source/pidgin

Recent commits

26e5779... by Marc Deslauriers on 2017-03-13

Import patches-unapplied version 1:2.10.3-0ubuntu1.8 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: d9a5c16e7cbb8a877e19a3fd5f44f68b6a4e398a

New changelog entries:
  * SECURITY UPDATE: Out-of-bounds write when stripping xml
    - debian/patches/CVE-2017-2640.patch: improve entity processing in
      libpurple/util.c.
    - CVE-2017-2640

d9a5c16... by Marc Deslauriers on 2016-07-12

Import patches-unapplied version 1:2.10.3-0ubuntu1.7 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 8e1d7bcb4d948e1efaec596b1d1f545e892d2baa

New changelog entries:
  * SECURITY UPDATE: denial of service and code execution in MXIT protocol
    - debian/patches/CVE-2016-*.patch: fix multiple issues.
    - CVE-2016-2365
    - CVE-2016-2366
    - CVE-2016-2367
    - CVE-2016-2368
    - CVE-2016-2369
    - CVE-2016-2370
    - CVE-2016-2371
    - CVE-2016-2372
    - CVE-2016-2373
    - CVE-2016-2374
    - CVE-2016-2375
    - CVE-2016-2376
    - CVE-2016-2377
    - CVE-2016-2378
    - CVE-2016-2380
    - CVE-2016-4323

8e1d7bc... by Marc Deslauriers on 2014-10-27

Import patches-unapplied version 1:2.10.3-0ubuntu1.6 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 0fac1afcd4bfac9c20a14beb9e3221360c40c64f

New changelog entries:
  * SECURITY UPDATE: insufficient ssl certificate validation
    - debian/patches/CVE-2014-3694.patch: fix basic constraints checking in
      libpurple/certificate.c, libpurple/certificate.h,
      libpurple/plugins/ssl/ssl-gnutls.c, libpurple/plugins/ssl/ssl-nss.c.
    - CVE-2014-3694
  * SECURITY UPDATE: denial of service via malformed MXit emoticon response
    - debian/patches/CVE-2014-3695.patch: properly check lengths in
      libpurple/protocols/mxit/markup.c.
    - CVE-2014-3695
  * SECURITY UPDATE: denial of service via malformed Groupwise message
    - debian/patches/CVE-2014-3696.patch: check sizes in
      libpurple/protocols/novell/nmevent.c.
    - CVE-2014-3696
  * SECURITY UPDATE: XMPP information leak
    - debian/patches/CVE-2014-3698.patch: fix leaks in
      libpurple/protocols/jabber/jutil.c.
    - CVE-2014-3698

0fac1af... by Marc Deslauriers on 2014-05-20

Import patches-unapplied version 1:2.10.3-0ubuntu1.5 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 4a43c898531799d34fc18ec4af369090e4ca97a3

New changelog entries:
  * SECURITY UPDATE: memory corruption via crafted message from gadu-gadu
    file relay server
    - debian/patches/CVE-2014-3775.patch: check relay_count in
      libpurple/protocols/gg/lib/dcc7.c
    - CVE-2014-3775

4a43c89... by Marc Deslauriers on 2014-02-05

Import patches-unapplied version 1:2.10.3-0ubuntu1.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 675f2d4f059cc745dde7c8e4b55185f70236d4ff

New changelog entries:
  * SECURITY UPDATE: remote crash in yahoo via incorrect char encoding
    - debian/patches/CVE-2012-6152.patch: validate strings as utf-8
      before parsing in libpurple/protocols/yahoo/{libymsg,yahoo_aliases,
      yahoo_filexfer,yahoo_friend,yahoo_picture,yahoochat}.c.
    - CVE-2012-6152
  * SECURITY UPDATE: crash via bad XMPP timestamp
    - debian/patches/CVE-2013-6477.patch: properly handle invalid
      timestamps in libpurple/{conversation,log,server}.c.
    - CVE-2013-6477
  * SECURITY UPDATE: crash via hovering pointer over long URL
    - debian/patches/CVE-2013-6478.patch: set max lengths in
      pidgin/gtkimhtml.c.
    - CVE-2013-6478
  * SECURITY UPDATE: remote crash via HTTP response parsing
    - debian/patches/CVE-2013-6479.patch: don't implicitly trust
      Content-Length in libpurple/util.c.
    - CVE-2013-6479
  * SECURITY UPDATE: remote crash via yahoo P2P message
    - debian/patches/CVE-2013-6481.patch: perform bounds checking in
      libpurple/protocols/yahoo/libymsg.c.
    - CVE-2013-6481
  * SECURITY UPDATE: crashes via MSN NULL pointer dereferences
    - debian/patches/CVE-2013-6482.patch: fix NULL pointers in
      libpurple/protocols/msn/{msg,oim,soap}.c.
    - CVE-2013-6482
  * SECURITY UPDATE: iq reply spoofing via incorrect from verification
    - debian/patches/CVE-2013-6483.patch: verify from field on iq replies
      in libpurple/protocols/jabber/{iq.*,jabber.c,jutil.*}.
    - CVE-2013-6483
  * SECURITY UPDATE: crash via response from STUN server
    - debian/patches/CVE-2013-6484.patch: validate len in libpurple/stun.c.
    - CVE-2013-6484
  * SECURITY UPDATE: buffer overflow in chunked HTTP response parsing
    - debian/patches/CVE-2013-6485.patch: limit chunk size in
      libpurple/util.c.
    - CVE-2013-6485
  * SECURITY UPDATE: buffer overflow in gadu-gadu HTTP parsing
    - debian/patches/CVE-2013-6487.patch: limit length in
      libpurple/protocols/gg/lib/http.c.
    - CVE-2013-6487
  * SECURITY UPDATE: buffer overflow in MXit emoticon parsing
    - debian/patches/CVE-2013-6489.patch: check return code in
      libpurple/protocols/mxit/markup.c.
    - CVE-2013-6489
  * SECURITY UPDATE: buffer overflow in SIMPLE header parsing
    - debian/patches/CVE-2013-6490.patch: use g_new in
      libpurple/protocols/simple/simple.c and check length in
      libpurple/protocols/simple/sipmsg.c.
    - CVE-2013-6490
  * SECURITY UPDATE: crash via IRC argument parsing
    - debian/patches/CVE-2014-0020.patch: fix arg handling in
      libpurple/protocols/irc/msgs.c, fix counts in
      libpurple/protocols/irc/parse.c.
    - CVE-2014-0020

675f2d4... by Marc Deslauriers on 2013-02-21

Import patches-unapplied version 1:2.10.3-0ubuntu1.3 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: faa5d68057fa2d49620df9b9ad7b99af22570c19

New changelog entries:
  * SECURITY UPDATE: file overwrite via MXit crafted pathname
    - debian/patches/CVE-2013-0271.patch: properly escape filenames in
      libpurple/protocols/mxit/formcmds.c,
      libpurple/protocols/mxit/splashscreen.c.
    - CVE-2013-0271
  * SECURITY UPDATE: arbitrary code execution via long HTTP header in MXit
    - debian/patches/CVE-2013-0272.patch: properly check lengths in
      libpurple/protocols/mxit/http.c.
    - CVE-2013-0272
  * SECURITY UPDATE: denial of service via long user ID in Sametime
    - debian/patches/CVE-2013-0273.patch: use g_strlcpy in
      libpurple/protocols/sametime/sametime.c.
    - CVE-2013-0273
  * SECURITY UPDATE: denial of service via long UPnP responses
    - debian/patches/CVE-2013-0274.patch: use g_strlcpy in libpurple/upnp.c.
    - CVE-2013-0274

faa5d68... by Ritesh Khadgaray on 2013-01-09

Import patches-unapplied version 1:2.10.3-0ubuntu1.2 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 67108bedaed9fe9e17b48e5a88c34e047695310b

New changelog entries:
  * debian/patches/pounce-webview.patch (LP: #1026442)
    - Buddy pounce - send message window too short

67108be... by Tyler Hicks on 2012-07-08

Import patches-unapplied version 1:2.10.3-0ubuntu1.1 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 5b302ecc2ff0fd9b8746722a4a65f7f4d7a2edf8

New changelog entries:
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP file
    transfer requests (LP: #996691)
    - debian/patches/CVE-2012-2214.patch: Properly tear down SOCKS5
      connection attempts. Based on upstream patch.
    - CVE-2012-2214
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374

5b302ec... by Alexander Fougner on 2012-04-06

Import patches-unapplied version 1:2.10.3-0ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: b1daca458f4ae41a6931ef435c7e6178f8ca5df7

New changelog entries:
  * update to new stable release, fixes (LP: #964210)

b1daca4... by Ken VanDine on 2012-04-04

Import patches-unapplied version 1:2.10.2-1ubuntu2 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 42ff2bf486d65ab10be5263867ae697935ef8c35

New changelog entries:
  * debian/patches/70_farstream_rename.patch
    - updated patch from the upstream bug report
      http://developer.pidgin.im/ticket/14936