pidgin 1.2.11 backport required
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| pidgin (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
bug #1402424 (a gaping security/
https:/
Apparently releasing a security fixed version for a non-released distribution (wily) is "good enough"
This needs backporting from Wily asap.
These are the unfixed, publically disclosed vulnerabilties in the distributed version:
https:/
CVE Name Date Fixed In
Potential information leak from XMPP CVE-2014-3698 2014-10-22 2.10.10
Malicious smiley themes could alter arbitrary files CVE-2014-3697 2014-10-22 2.10.10
Remote crash parsing malformed Groupwise message CVE-2014-3696 2014-10-22 2.10.10
Remote crash parsing malformed MXit emoticon CVE-2014-3695 2014-10-22 2.10.10
Insufficient SSL certificate validation CVE-2014-3694 2014-10-22 2.10.10
| information type: | Private Security → Public |
| Micah Gersten (micahg) wrote | #1 |
| affects: | vivid-backports → pidgin (Ubuntu) |
| Changed in pidgin (Ubuntu): | |
| status: | New → Invalid |
| information type: | Public → Public Security |
These CVEs have either been fixed or are not applicable:
Here are links to all the CVE tracking information:
http://
http://
http://
http://
http://
Here's a link to the Ubuntu Security Notice that was published:
http://