ubuntu/+source/pidgin:ubuntu/quantal-updates

Last commit made on 2014-02-06
Get this branch:
git clone -b ubuntu/quantal-updates https://git.launchpad.net/ubuntu/+source/pidgin
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/quantal-updates
Repository:
lp:ubuntu/+source/pidgin

Recent commits

369ff0b... by Marc Deslauriers on 2014-02-05

Import patches-unapplied version 1:2.10.6-0ubuntu2.3 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 3f19d311945b9cfa2a957bf07f4559d12e9e031b

New changelog entries:
  * SECURITY UPDATE: remote crash in yahoo via incorrect char encoding
    - debian/patches/CVE-2012-6152.patch: validate strings as utf-8
      before parsing in libpurple/protocols/yahoo/{libymsg,yahoo_aliases,
      yahoo_filexfer,yahoo_friend,yahoo_picture,yahoochat}.c.
    - CVE-2012-6152
  * SECURITY UPDATE: crash via bad XMPP timestamp
    - debian/patches/CVE-2013-6477.patch: properly handle invalid
      timestamps in libpurple/{conversation,log,server}.c.
    - CVE-2013-6477
  * SECURITY UPDATE: crash via hovering pointer over long URL
    - debian/patches/CVE-2013-6478.patch: set max lengths in
      pidgin/gtkimhtml.c.
    - CVE-2013-6478
  * SECURITY UPDATE: remote crash via HTTP response parsing
    - debian/patches/CVE-2013-6479.patch: don't implicitly trust
      Content-Length in libpurple/util.c.
    - CVE-2013-6479
  * SECURITY UPDATE: remote crash via yahoo P2P message
    - debian/patches/CVE-2013-6481.patch: perform bounds checking in
      libpurple/protocols/yahoo/libymsg.c.
    - CVE-2013-6481
  * SECURITY UPDATE: crashes via MSN NULL pointer dereferences
    - debian/patches/CVE-2013-6482.patch: fix NULL pointers in
      libpurple/protocols/msn/{msg,oim,soap}.c.
    - CVE-2013-6482
  * SECURITY UPDATE: iq reply spoofing via incorrect from verification
    - debian/patches/CVE-2013-6483.patch: verify from field on iq replies
      in libpurple/protocols/jabber/{iq.*,jabber.c,jutil.*}.
    - CVE-2013-6483
  * SECURITY UPDATE: crash via response from STUN server
    - debian/patches/CVE-2013-6484.patch: validate len in libpurple/stun.c.
    - CVE-2013-6484
  * SECURITY UPDATE: buffer overflow in chunked HTTP response parsing
    - debian/patches/CVE-2013-6485.patch: limit chunk size in
      libpurple/util.c.
    - CVE-2013-6485
  * SECURITY UPDATE: buffer overflow in gadu-gadu HTTP parsing
    - debian/patches/CVE-2013-6487.patch: limit length in
      libpurple/protocols/gg/lib/http.c.
    - CVE-2013-6487
  * SECURITY UPDATE: buffer overflow in MXit emoticon parsing
    - debian/patches/CVE-2013-6489.patch: check return code in
      libpurple/protocols/mxit/markup.c.
    - CVE-2013-6489
  * SECURITY UPDATE: buffer overflow in SIMPLE header parsing
    - debian/patches/CVE-2013-6490.patch: use g_new in
      libpurple/protocols/simple/simple.c and check length in
      libpurple/protocols/simple/sipmsg.c.
    - CVE-2013-6490
  * SECURITY UPDATE: crash via IRC argument parsing
    - debian/patches/CVE-2014-0020.patch: fix arg handling in
      libpurple/protocols/irc/msgs.c, fix counts in
      libpurple/protocols/irc/parse.c.
    - CVE-2014-0020

3f19d31... by Marc Deslauriers on 2013-02-21

Import patches-unapplied version 1:2.10.6-0ubuntu2.2 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: cf9af88f0b684e289db221f6635cd4ca4f2feb17

New changelog entries:
  * SECURITY UPDATE: file overwrite via MXit crafted pathname
    - debian/patches/CVE-2013-0271.patch: properly escape filenames in
      libpurple/protocols/mxit/formcmds.c,
      libpurple/protocols/mxit/splashscreen.c.
    - CVE-2013-0271
  * SECURITY UPDATE: arbitrary code execution via long HTTP header in MXit
    - debian/patches/CVE-2013-0272.patch: properly check lengths in
      libpurple/protocols/mxit/http.c.
    - CVE-2013-0272
  * SECURITY UPDATE: denial of service via long user ID in Sametime
    - debian/patches/CVE-2013-0273.patch: use g_strlcpy in
      libpurple/protocols/sametime/sametime.c.
    - CVE-2013-0273
  * SECURITY UPDATE: denial of service via long UPnP responses
    - debian/patches/CVE-2013-0274.patch: use g_strlcpy in libpurple/upnp.c.
    - CVE-2013-0274

cf9af88... by Ritesh Khadgaray on 2013-01-09

Import patches-unapplied version 1:2.10.6-0ubuntu2.1 to ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: 94bc7aca80240cb3ada39121669a18f309343ac5

New changelog entries:
  * debian/patches/pounce-webview.patch (LP: #1026442)
    - Buddy pounce - send message window too short

94bc7ac... by John Kim on 2012-09-12

Import patches-unapplied version 1:2.10.6-0ubuntu2 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 9ad4498263d5e496ffa632298d40c5eede266dbd

New changelog entries:
  * debian/control: fixed a typo for tcl and tk (LP: #1022935)

9ad4498... by Robert Ancell on 2012-07-08

Import patches-unapplied version 1:2.10.6-0ubuntu1 to ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: 930479ce62849465d836f34520c87e8e738cc239

New changelog entries:
  * New upstream release

930479c... by Robert Ancell on 2012-07-05

Import patches-unapplied version 1:2.10.5-0ubuntu1 to ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: 66e0e475254750b9dbfd4b62a6e57c557ab1fbb8

New changelog entries:
  * New upstream release
  * debian/libpurple0.symbols:
    - Updated
    - Remove debian revisions from symbols versions

66e0e47... by Robert Ancell on 2012-05-28

Import patches-unapplied version 1:2.10.4-0ubuntu1 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 1f7fc1478c611fd935cbecc50f334e3d4c2112f9

New changelog entries:
  * New upstream release
  * debian/patches/irc_disable_periodic_who.patch:
  * debian/patches/70_farstream_rename.patch:
    - Applied upstream

1f7fc14... by Robert Ancell on 2012-05-14

Import patches-unapplied version 1:2.10.3-0ubuntu2 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 5b302ecc2ff0fd9b8746722a4a65f7f4d7a2edf8

New changelog entries:
  * debian/control:
    - Drop dependency on liblaunchpad-integration-dev
  * debian/patches/02_lpi.patch:
    - Dropped, we no longer do Launchpad integration

5b302ec... by Alexander Fougner on 2012-04-06

Import patches-unapplied version 1:2.10.3-0ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: b1daca458f4ae41a6931ef435c7e6178f8ca5df7

New changelog entries:
  * update to new stable release, fixes (LP: #964210)

b1daca4... by Ken VanDine on 2012-04-04

Import patches-unapplied version 1:2.10.2-1ubuntu2 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 42ff2bf486d65ab10be5263867ae697935ef8c35

New changelog entries:
  * debian/patches/70_farstream_rename.patch
    - updated patch from the upstream bug report
      http://developer.pidgin.im/ticket/14936