Please update pidgin to fix security vulnerabilities

Bug #383335 reported by Nicola Ferralis
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
The Dell Mini Project | Confirmed | Undecided | Nicolas Valcarcel |

Bug Description

Pidgin in generic hardy has been updated to fix three security vulnerabilities. The patches should be applied to pidgin for the mini. Note that pidgin for the mini is in version 1:2.4.3ubuntu1~hardy1netbook5.

pidgin (1:2.4.1-1ubuntu2.4) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service or possible code execution in XMPP
    file transfer
    - debian/patches/81_security_CVE-2009-1373.patch: calculate lengths
      correctly in libpurple/protocols/jabber/si.c.
    - CVE-2009-1373
  * SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
    - debian/patches/82_security_CVE-2009-1375.patch: add an additional
      check in libpurple/circbuffer.c.
    - CVE-2009-1375
  * SECURITY UPDATE: arbitrary code execution via crafted MSN message
    - debian/patches/83_security_CVE-2009-1376.patch: switch offset
      variable to guint64 in libpurple/protocols/msn/slplink.c.
    - CVE-2009-1376

 -- Marc Deslauriers <email address hidden> Mon, 25 May 2009 17:24:40 +0200

description: updated
security vulnerability: no → yes
Chris Wayne (cwayne)
Changed in dell-mini:
status: New → Confirmed
Nicola Ferralis (feranick) wrote :

New security vulnerabilities in current version. Generic hardy already patched to version 1:2.4.1-1ubuntu2.6. The same patch should be applied ASAP to the mini.

CVE-2009-2694

Endrew (endrew) wrote :

No patch has been released since the last answer....Hellooooo?!?!?!
What's going on there? I'm waiting for the patch too.

Why can't the Mini users get a well supported distro for their money as the other users get for free for the official Hardy???

Nicola Ferralis (feranick) wrote : RE: [Bug 383335] Re: Please update pidgin to fix security vulnerabilities

It's not a solution, but it allows you to have a fully updated pidgin in the mini, without having to wait for the official, but never coming patch.

https://launchpad.net/~pidgin-developers/+archive/ppa

> Date: Sun, 13 Dec 2009 07:42:00 +0000
> From: <email address hidden>
> To: <email address hidden>
> Subject: [Bug 383335] Re: Please update pidgin to fix security vulnerabilities
>
> No patch has been released since the last answer....Hellooooo?!?!?!
> What's going on there? I'm waiting for the patch too.
>
> Why can't the Mini users get a well supported distro for their money as
> the other users get for free for the official Hardy???
>

Chris Gregan (cgregan)
Changed in dell-mini:
assignee: nobody → Nicolas Valcárcel (nvalcarcel)
Endrew (endrew) wrote :

Thanks for the information.

Is there any official way of complaining about the quality of this Belmont? I still have the feeling that I do not get a proper up-to-date system without security holes for my money.

This report contains Public Security information  
Everyone can see this security related information.
