ubuntu/+source/pidgin:ubuntu/saucy-updates

Last commit made on 2014-05-21
Get this branch:
git clone -b ubuntu/saucy-updates https://git.launchpad.net/ubuntu/+source/pidgin
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/saucy-updates
Repository:
lp:ubuntu/+source/pidgin

Recent commits

5e0eed1... by Marc Deslauriers on 2014-05-20

Import patches-unapplied version 1:2.10.7-0ubuntu4.1.13.10.2 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 60b7780218cf06bd2a1fa2618d1c656e90834afd

New changelog entries:
  * SECURITY UPDATE: memory corruption via crafted message from gadu-gadu
    file relay server
    - debian/patches/CVE-2014-3775.patch: check relay_count in
      libpurple/protocols/gg/lib/dcc7.c
    - CVE-2014-3775

60b7780... by Marc Deslauriers on 2014-02-05

Import patches-unapplied version 1:2.10.7-0ubuntu4.1.13.10.1 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 102488f755ee519c73a33b088f8d4e5bfbfa1406

New changelog entries:
  * SECURITY UPDATE: remote crash in yahoo via incorrect char encoding
    - debian/patches/CVE-2012-6152.patch: validate strings as utf-8
      before parsing in libpurple/protocols/yahoo/{libymsg,yahoo_aliases,
      yahoo_filexfer,yahoo_friend,yahoo_picture,yahoochat}.c.
    - CVE-2012-6152
  * SECURITY UPDATE: crash via bad XMPP timestamp
    - debian/patches/CVE-2013-6477.patch: properly handle invalid
      timestamps in libpurple/{conversation,log,server}.c.
    - CVE-2013-6477
  * SECURITY UPDATE: crash via hovering pointer over long URL
    - debian/patches/CVE-2013-6478.patch: set max lengths in
      pidgin/gtkimhtml.c.
    - CVE-2013-6478
  * SECURITY UPDATE: remote crash via HTTP response parsing
    - debian/patches/CVE-2013-6479.patch: don't implicitly trust
      Content-Length in libpurple/util.c.
    - CVE-2013-6479
  * SECURITY UPDATE: remote crash via yahoo P2P message
    - debian/patches/CVE-2013-6481.patch: perform bounds checking in
      libpurple/protocols/yahoo/libymsg.c.
    - CVE-2013-6481
  * SECURITY UPDATE: crashes via MSN NULL pointer dereferences
    - debian/patches/CVE-2013-6482.patch: fix NULL pointers in
      libpurple/protocols/msn/{msg,oim,soap}.c.
    - CVE-2013-6482
  * SECURITY UPDATE: iq reply spoofing via incorrect from verification
    - debian/patches/CVE-2013-6483.patch: verify from field on iq replies
      in libpurple/protocols/jabber/{iq.*,jabber.c,jutil.*}.
    - CVE-2013-6483
  * SECURITY UPDATE: crash via response from STUN server
    - debian/patches/CVE-2013-6484.patch: validate len in libpurple/stun.c.
    - CVE-2013-6484
  * SECURITY UPDATE: buffer overflow in chunked HTTP response parsing
    - debian/patches/CVE-2013-6485.patch: limit chunk size in
      libpurple/util.c.
    - CVE-2013-6485
  * SECURITY UPDATE: buffer overflow in gadu-gadu HTTP parsing
    - debian/patches/CVE-2013-6487.patch: limit length in
      libpurple/protocols/gg/lib/http.c.
    - CVE-2013-6487
  * SECURITY UPDATE: buffer overflow in MXit emoticon parsing
    - debian/patches/CVE-2013-6489.patch: check return code in
      libpurple/protocols/mxit/markup.c.
    - CVE-2013-6489
  * SECURITY UPDATE: buffer overflow in SIMPLE header parsing
    - debian/patches/CVE-2013-6490.patch: use g_new in
      libpurple/protocols/simple/simple.c and check length in
      libpurple/protocols/simple/sipmsg.c.
    - CVE-2013-6490
  * SECURITY UPDATE: crash via IRC argument parsing
    - debian/patches/CVE-2014-0020.patch: fix arg handling in
      libpurple/protocols/irc/msgs.c, fix counts in
      libpurple/protocols/irc/parse.c.
    - CVE-2014-0020

102488f... by Robert Hooker on 2013-04-20

Import patches-unapplied version 1:2.10.7-0ubuntu4.1 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 54cfdde64e0f66b6a82a815e38dfa1cb394b548d

New changelog entries:
  * Add hg-remove-SIGCHLD-handler.patch: Fix hanging on startup.
    Backport of upstream commit from 3.0 (LP: #1108056)

54cfdde... by Daniel T Chen on 2013-04-02

Import patches-unapplied version 1:2.10.7-0ubuntu4 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 820eecb33fdbe4dd079541cb3083f54475bde5dd

New changelog entries:
  * Specified multiarch Tcl location, fixing FTBFS.

820eecb... by Sebastien Bacher on 2013-02-28

Import patches-unapplied version 1:2.10.7-0ubuntu3 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 090f4ff51df37524022dbddb1acc3530f5c33af6

New changelog entries:
  * debian/patches/hg_no_cap_segfault.patch:
    - don't segfault when checking capabilities of contacts (lp: #1128768)

090f4ff... by Didier Roche on 2013-02-21

Import patches-unapplied version 1:2.10.7-0ubuntu2 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 1e07373c008c7ecf8af65d8e41c9d1f42a278010

New changelog entries:
  * debian/patches/git_pidgin-fix-irc.patch:
    - upstream patch for being able to use IRC with pidgin for those kind
      of users… (LP: #1128273)

1e07373... by Sebastien Bacher on 2013-02-13

Import patches-unapplied version 1:2.10.7-0ubuntu1 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: bff11bfc6c57dbd0dbb1345aba5340062b515d01

New changelog entries:
  * New upstream version, includes fixes for those security issues:
    CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274
  * debian/patches/libnssckbi_path.patch:
    - dropped, the code has been replaced in the new version

bff11bf... by Ritesh Khadgaray on 2013-01-09

Import patches-unapplied version 1:2.10.6-0ubuntu4 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 76423d3d7c28944311fbdb2418f148dd7ba68538

New changelog entries:
  * debian/patches/pounce-webview.patch (LP: #1026442)
    - Buddy pounce - send message window too short

76423d3... by Sebastien Bacher on 2012-11-16

Import patches-unapplied version 1:2.10.6-0ubuntu3 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 94bc7aca80240cb3ada39121669a18f309343ac5

New changelog entries:
  * debian/patches/xmessagingmenu.patch:
    - use X-MessagingMenu-UsesChatSection in the desktop entry (lp: #1040259)

94bc7ac... by John Kim on 2012-09-12

Import patches-unapplied version 1:2.10.6-0ubuntu2 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 9ad4498263d5e496ffa632298d40c5eede266dbd

New changelog entries:
  * debian/control: fixed a typo for tcl and tk (LP: #1022935)