lp://qastaging/ubuntu/jaunty-security/pidgin

Created by James Westby and last modified
Get this branch:
bzr branch lp://qastaging/ubuntu/jaunty-security/pidgin

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Development

Recent revisions

48. By Marc Deslauriers

* SECURITY UPDATE: denial of service via malformed SLP message
  - debian/patches/85_security_CVE-2010-0277.patch: validate input in
    libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
  - CVE-2010-0277
* SECURITY UPDATE: denial of service via certain nicknames in Finch
  - debian/patches/86_security_CVE-2010-0420.patch: properly unescape
    text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
    libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
  - CVE-2010-0420
* SECURITY UPDATE: denial of service via large number of smileys
  - debian/patches/87_security_CVE-2010-0423.patch: limit the number of
    smileys in pidgin/gtkimhtml.c.
  - CVE-2010-0423

47. By Marc Deslauriers

* SECURITY UPDATE: denial of service via TOPIC message
  - debian/patches/79_security_CVE-2009-2703.patch: validate args in
    libpurple/protocols/irc/msgs.c.
  - CVE-2009-2703
* SECURITY UPDATE: information disclosure via incorrect jabber TLS
  handling
  - debian/patches/80_security_CVE-2009-3026.patch: bail out if
    encryption is not available in libpurple/protocols/jabber/auth.c.
  - CVE-2009-3026
* SECURITY UPDATE: denial of service via malformed SLP invite message
  - debian/patches/81_security_CVE-2009-3083.patch: validate branch,
    content_type and content in libpurple/protocols/msn/slp.c.
  - CVE-2009-3083
* SECURITY UPDATE: denial of service via XHTML-IM content with cid: images
  - debian/patches/82_security_CVE-2009-3085.patch: validate raw_data in
    libpurple/protocols/jabber/data.c.
  - CVE-2009-3085
* SECURITY UPDATE: denial of service via crafted contact list data
  - debian/patches/83_security_CVE-2009-3615.patch: validate contact
    list structure in libpurple/protocols/oscar/oscar.c.
  - CVE-2009-3615
* SECURITY UPDATE: directory traversal via custom smiley request
  (LP: #501089)
  - debian/patches/84_security_CVE-2010-0013.patch: ignore request for
    smileys that don't exist in the image store in
    libpurple/protocols/msn/slp.c, backport purple_strequal in
    libpurple/util.{c,h}.
  - CVE-2010-0013

46. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via crafted MSNSLP packet
  (LP: #415863)
  - debian/patches/78_security_CVE-2009-2694.patch: properly destroy
    slpmsg in libpurple/protocols/{msn,msnp9}/slplink.c.
  - CVE-2009-2694

45. By Marc Deslauriers

* SECURITY UPDATE: denial of service via ICQWebMessage message type in
  OSCAR protocol. (LP: #393736)
  - debian/patches/77_security_CVE-2009-1889.patch: make the check better
    in libpurple/protocols/oscar/oscar.c, only allocate memory if len is
    valid in libpurple/protocols/oscar/bstream.c.
  - CVE-2009-1889

44. By Marc Deslauriers

* SECURITY UPDATE: denial of service or possible code execution in XMPP
  file transfer
  - debian/patches/73_security_CVE-2009-1373.patch: calculate lengths
    correctly in libpurple/protocols/jabber/si.c.
  - CVE-2009-1373
* SECURITY UPDATE: denial of service in the QQ protocol decryption
  handler
  - debian/patches/74_security_CVE-2009-1374.patch: make sure count64
    hasn't reached zero in libpurple/protocols/qq/qq_crypt.c.
  - CVE-2009-1374
* SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
  - debian/patches/75_security_CVE-2009-1375.patch: add an additional
    check in libpurple/circbuffer.c.
  - CVE-2009-1375
* SECURITY UPDATE: arbitrary code execution via crafted MSN message
  - debian/patches/76_security_CVE-2009-1376.patch: switch offset
    variable to guint64 in libpurple/protocols/msn/slplink.c.
  - CVE-2009-1376

43. By Sebastien Bacher

* debian/patches/72_upstream_change_fix_jabber_crasher.patch:
  - upstream change to fix crash on jabber when using a custom image
    (lp: #357949)

42. By Sebastien Bacher

* debian/patches/71_upstream_change_fix_ssl_crasher.patch:
  - upstream change to fix a crasher issue which has a lot of duplicates
    (lp: #328878, #341434, #354272)

41. By Ken VanDine

* debian/patches/62_dbus_fix.patch:
  - The buddy list should be raised when launching a second time, this patch
    from darkrain42 fixes a bug that prevented that behavior (LP: #354298)

40. By Ken VanDine

* debian/patches/61_crash_on_close_349009.patch
  - Patch from darkrain42 to fix a crasher bug triggered by closing
    the buddy list with chat rooms open (LP: #349009)

39. By Mackenzie Morgan

Backport fix from http://developer.pidgin.im/ticket/4845
to rate limit popups when AIM buddy list is unavailable
(LP: #345774)

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp://qastaging/ubuntu/karmic/pidgin