Pidgin in generic hardy has been update to fix three security vulnerabilities. The patches should be applied to tpidgin for the mini. Note that pidgin for the mini is in version 1:2.4.3ubuntu1~hardy1netbook5.
* SECURITY UPDATE: denial of service or possible code execution in XMPP
file transfer
- debian/patches/81_security_CVE-2009-1373.patch: calculate lengths
correctly in libpurple/protocols/jabber/si.c.
- CVE-2009-1373
* SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
- debian/patches/82_security_CVE-2009-1375.patch: add an additional
check in libpurple/circbuffer.c.
- CVE-2009-1375
* SECURITY UPDATE: arbitrary code execution via crafted MSN message
- debian/patches/83_security_CVE-2009-1376.patch: switch offset
variable to guint64 in libpurple/protocols/msn/slplink.c.
- CVE-2009-1376
pidgin (1:2.4.1-1ubuntu2.4) hardy-security; urgency=low
* SECURITY UPDATE: denial of service or possible code execution in XMPP
file transfer
- debian/patches/81_security_CVE-2009-1373.patch: calculate lengths
correctly in libpurple/protocols/jabber/si.c.
- CVE-2009-1373
* SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
- debian/patches/82_security_CVE-2009-1375.patch: add an additional
check in libpurple/circbuffer.c.
- CVE-2009-1375
* SECURITY UPDATE: arbitrary code execution via crafted MSN message
- debian/patches/83_security_CVE-2009-1376.patch: switch offset
variable to guint64 in libpurple/protocols/msn/slplink.c.
- CVE-2009-1376
-- Marc Deslauriers <email address hidden> Mon, 25 May 2009 17:24:40 +0200
Pidgin in generic hardy has been update to fix three security vulnerabilities. The patches should be applied to tpidgin for the mini. Note that pidgin for the mini is in version 1:2.4.3ubuntu1~ hardy1netbook5.
pidgin (1:2.4. 1-1ubuntu2. 4) hardy-security; urgency=low
* SECURITY UPDATE: denial of service or possible code execution in XMPP patches/ 81_security_ CVE-2009- 1373.patch: calculate lengths protocols/ jabber/ si.c. patches/ 82_security_ CVE-2009- 1375.patch: add an additional circbuffer. c. patches/ 83_security_ CVE-2009- 1376.patch: switch offset protocols/ msn/slplink. c. 1-1ubuntu2. 4) hardy-security; urgency=low
file transfer
- debian/
correctly in libpurple/
- CVE-2009-1373
* SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
- debian/
check in libpurple/
- CVE-2009-1375
* SECURITY UPDATE: arbitrary code execution via crafted MSN message
- debian/
variable to guint64 in libpurple/
- CVE-2009-1376
pidgin (1:2.4.
* SECURITY UPDATE: denial of service or possible code execution in XMPP patches/ 81_security_ CVE-2009- 1373.patch: calculate lengths protocols/ jabber/ si.c. patches/ 82_security_ CVE-2009- 1375.patch: add an additional circbuffer. c. patches/ 83_security_ CVE-2009- 1376.patch: switch offset protocols/ msn/slplink. c.
file transfer
- debian/
correctly in libpurple/
- CVE-2009-1373
* SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
- debian/
check in libpurple/
- CVE-2009-1375
* SECURITY UPDATE: arbitrary code execution via crafted MSN message
- debian/
variable to guint64 in libpurple/
- CVE-2009-1376
-- Marc Deslauriers <email address hidden> Mon, 25 May 2009 17:24:40 +0200