lp://qastaging/ubuntu/jaunty-security/pidgin
- Get this branch:
- bzr branch lp://qastaging/ubuntu/jaunty-security/pidgin
Recent revisions
- 48. By Marc Deslauriers
* SECURITY UPDATE: denial of service via malformed SLP message
- debian/patches/85_security_CVE-2010-0277.patch: validate input in
libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
- CVE-2010-0277
* SECURITY UPDATE: denial of service via certain nicknames in Finch
- debian/patches/86_security_CVE-2010-0420.patch: properly unescape
text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
- CVE-2010-0420
* SECURITY UPDATE: denial of service via large number of smileys
- debian/patches/87_security_CVE-2010-0423.patch: limit the number of
smileys in pidgin/gtkimhtml.c.
- CVE-2010-0423
- 47. By Marc Deslauriers
* SECURITY UPDATE: denial of service via TOPIC message
- debian/patches/79_security_CVE-2009-2703.patch: validate args in
libpurple/protocols/irc/msgs.c.
- CVE-2009-2703
* SECURITY UPDATE: information disclosure via incorrect jabber TLS
handling
- debian/patches/80_security_CVE-2009-3026.patch: bail out if
encryption is not available in libpurple/protocols/jabber/auth.c.
- CVE-2009-3026
* SECURITY UPDATE: denial of service via malformed SLP invite message
- debian/patches/81_security_CVE-2009-3083.patch: validate branch,
content_type and content in libpurple/protocols/msn/slp.c.
- CVE-2009-3083
* SECURITY UPDATE: denial of service via XHTML-IM content with cid: images
- debian/patches/82_security_CVE-2009-3085.patch: validate raw_data in
libpurple/protocols/jabber/data.c.
- CVE-2009-3085
* SECURITY UPDATE: denial of service via crafted contact list data
- debian/patches/83_security_CVE-2009-3615.patch: validate contact
list structure in libpurple/protocols/oscar/oscar.c.
- CVE-2009-3615
* SECURITY UPDATE: directory traversal via custom smiley request
(LP: #501089)
- debian/patches/84_security_CVE-2010-0013.patch: ignore request for
smileys that don't exist in the image store in
libpurple/protocols/msn/slp.c, backport purple_strequal in
libpurple/util.{c,h}.
- CVE-2010-0013
- 46. By Marc Deslauriers
* SECURITY UPDATE: arbitrary code execution via crafted MSNSLP packet
(LP: #415863)
- debian/patches/78_security_CVE-2009-2694.patch: properly destroy
slpmsg in libpurple/protocols/{msn,msnp9}/slplink.c.
- CVE-2009-2694
- 45. By Marc Deslauriers
* SECURITY UPDATE: denial of service via ICQWebMessage message type in
OSCAR protocol. (LP: #393736)
- debian/patches/77_security_CVE-2009-1889.patch: make the check better
in libpurple/protocols/oscar/oscar.c, only allocate memory if len is
valid in libpurple/protocols/oscar/bstream.c.
- CVE-2009-1889
- 44. By Marc Deslauriers
* SECURITY UPDATE: denial of service or possible code execution in XMPP
file transfer
- debian/patches/73_security_CVE-2009-1373.patch: calculate lengths
correctly in libpurple/protocols/jabber/si.c.
- CVE-2009-1373
* SECURITY UPDATE: denial of service in the QQ protocol decryption
handler
- debian/patches/74_security_CVE-2009-1374.patch: make sure count64
hasn't reached zero in libpurple/protocols/qq/qq_crypt.c.
- CVE-2009-1374
* SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
- debian/patches/75_security_CVE-2009-1375.patch: add an additional
check in libpurple/circbuffer.c.
- CVE-2009-1375
* SECURITY UPDATE: arbitrary code execution via crafted MSN message
- debian/patches/76_security_CVE-2009-1376.patch: switch offset
variable to guint64 in libpurple/protocols/msn/slplink.c.
- CVE-2009-1376
- 43. By Sebastien Bacher
* debian/patches/72_upstream_change_fix_jabber_crasher.patch:
- upstream change to fix crash on jabber when using a custom image
(lp: #357949)
- 42. By Sebastien Bacher
* debian/patches/71_upstream_change_fix_ssl_crasher.patch:
- upstream change to fix a crasher issue which has a lot of duplicates
(lp: #328878, #341434, #354272)
- 41. By Ken VanDine
* debian/patches/62_dbus_fix.patch:
- The buddy list should be raised when launching a second time, this patch
from darkrain42 fixes a bug that prevented that behavior (LP: #354298)
- 40. By Ken VanDine
* debian/patches/61_crash_on_close_349009.patch
- Patch from darkrain42 to fix a crasher bug triggered by closing
the buddy list with chat rooms open (LP: #349009)
- 39. By Mackenzie Morgan
Backport fix from http://developer.pidgin.im/ticket/4845
to rate limit popups when AIM buddy list is unavailable
(LP: #345774)
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp://qastaging/ubuntu/karmic/pidgin