lp://qastaging/ubuntu/intrepid-security/pidgin
- Get this branch:
- bzr branch lp://qastaging/ubuntu/intrepid-security/pidgin
Recent revisions
- 36. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via malformed SLP message
- debian/patches/93_security_CVE-2010-0277.patch: validate input in
libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
- CVE-2010-0277
* SECURITY UPDATE: denial of service via certain nicknames in Finch
- debian/patches/93_security_CVE-2010-0420.patch: properly unescape
text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
- CVE-2010-0420
* SECURITY UPDATE: denial of service via large number of smileys
- debian/patches/93_security_CVE-2010-0423.patch: limit the number of
smileys in pidgin/gtkimhtml.c.
- CVE-2010-0423
- 35. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via TOPIC message
- debian/patches/87_security_CVE-2009-2703.patch: validate args in
libpurple/protocols/irc/msgs.c.
- CVE-2009-2703
* SECURITY UPDATE: information disclosure via incorrect jabber TLS
handling
- debian/patches/88_security_CVE-2009-3026.patch: bail out if
encryption is not available in libpurple/protocols/jabber/auth.c.
- CVE-2009-3026
* SECURITY UPDATE: denial of service via malformed SLP invite message
- debian/patches/89_security_CVE-2009-3083.patch: validate branch,
content_type and content in libpurple/protocols/msn/slp.c.
- CVE-2009-3083
* SECURITY UPDATE: denial of service via XHTML-IM content with cid: images
- debian/patches/90_security_CVE-2009-3085.patch: validate raw_data in
libpurple/protocols/jabber/data.c.
- CVE-2009-3085
* SECURITY UPDATE: denial of service via crafted contact list data
- debian/patches/91_security_CVE-2009-3615.patch: validate contact
list structure in libpurple/protocols/oscar/oscar.c.
- CVE-2009-3615
* SECURITY UPDATE: directory traversal via custom smiley request
(LP: #501089)
- debian/patches/92_security_CVE-2010-0013.patch: ignore request for
smileys that don't exist in the image store in
libpurple/protocols/msn/slp.c, backport purple_strequal in
libpurple/util.{c,h}.
- CVE-2010-0013
* WARNING: This package does not contain the changes from
1:2.5.2-0ubuntu1.5 that is in intrepid-proposed.
- 34. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via crafted MSNSLP packet
(LP: #415863)
- debian/patches/86_security_CVE-2009-2694.patch: properly destroy
slpmsg in libpurple/protocols/{msn,msnp9}/slplink.c.
- CVE-2009-2694
- 33. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via ICQWebMessage message type in
OSCAR protocol. (LP: #393736)
- debian/patches/85_security_CVE-2009-1889.patch: make the check better
in libpurple/protocols/oscar/oscar.c, only allocate memory if len is
valid in libpurple/protocols/oscar/bstream.c.
- CVE-2009-1889
- 32. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service or possible code execution in XMPP
file transfer
- debian/patches/81_security_CVE-2009-1373.patch: calculate lengths
correctly in libpurple/protocols/jabber/si.c.
- CVE-2009-1373
* SECURITY UPDATE: denial of service in the QQ protocol decryption
handler
- debian/patches/82_security_CVE-2009-1374.patch: make sure count64
hasn't reached zero in libpurple/protocols/qq/qq_crypt.c.
- CVE-2009-1374
* SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
- debian/patches/83_security_CVE-2009-1375.patch: add an additional
check in libpurple/circbuffer.c.
- CVE-2009-1375
* SECURITY UPDATE: arbitrary code execution via crafted MSN message
- debian/patches/84_security_CVE-2009-1376.patch: switch offset
variable to guint64 in libpurple/protocols/msn/slplink.c.
- CVE-2009-1376
- 31. By Sebastien Bacher
-
* New upstream version
* debian/patches/06_ssl_null_pointer_deref.patch:
- the change is in the new version
- 30. By Sebastien Bacher
-
* debian/prefs.xml:
- enable the standard logging options by default (lp: #180796)
- 29. By Iain Lane
-
* debian/patches/06_ssl_null_pointer_deref.patch:
- Backport fix from upstream MTN to fix null pointer dereference leading
to a crash. This can be dropped if and when we get 2.5.2. (LP: #265055)
- 28. By Sebastien Bacher
-
* New upstream version
* debian/patches/70_autoconf.patch:
- new version update
- 27. By Sebastien Bacher
-
* debian/control:
- build-depends on ca-certificates since the configure requires the
directory to be there during the build
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://qastaging/ubuntu/karmic/pidgin