pidgin 1.2.11 backport required
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pidgin (Ubuntu) | Invalid | Undecided | Unassigned | | |
Bug Description
bug #1402424 (a gaping security/
https:/
Apparently releasing a security fixed version for a non-released distribution (wily) is "good enough".
This needs backporting from Wily asap.
These are the unfixed, publicly disclosed vulnerabilities in the distributed version:
https:/
| | CVE Name | Date | Fixed In |
---|---|---|---|
Potential information leak from XMPP | CVE-2014-3698 | 2014-10-22 | 2.10.10 |
Malicious smiley themes could alter arbitrary files | CVE-2014-3697 | 2014-10-22 | 2.10.10 |
Remote crash parsing malformed Groupwise message | CVE-2014-3696 | 2014-10-22 | 2.10.10 |
Remote crash parsing malformed MXit emoticon | CVE-2014-3695 | 2014-10-22 | 2.10.10 |
Insufficient SSL certificate validation | CVE-2014-3694 | 2014-10-22 | 2.10.10 |
information type: Private Security → Public
These CVEs have either been fixed or are not applicable:
Here are links to all the CVE tracking information:
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3694.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3695.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3696.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3697.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3698.html
Here's a link to the Ubuntu Security Notice that was published: http://www.ubuntu.com/usn/usn-2390-1