diff -Nru pidgin-2.4.1/debian/changelog pidgin-2.4.1/debian/changelog
--- pidgin-2.4.1/debian/changelog 2008-07-10 16:37:26.000000000 +0000
+++ pidgin-2.4.1/debian/changelog 2008-07-10 16:37:29.000000000 +0000
@@ -1,3 +1,10 @@
+pidgin (1:2.4.1-1ubuntu2.2) hardy-security; urgency=low
+
+ * debian/patches/cve-2008-2927: pidgin MSN protocol integer overflow in
+ slplink.c (LP: #245770, #247140)
+
+ -- Ikuya Awashiro Thu, 10 Jul 2008 14:42:00 +0000
+
 pidgin (1:2.4.1-1ubuntu2.1) hardy-proposed; urgency=low
 
 * Apply patch from upstream to fix issue where ICQ would not connect
diff -Nru /tmp/ki3UevMI1f/pidgin-2.4.1/debian/patches/cve-2008-2927.patch /tmp/gVl36fmzxh/pidgin-2.4.1/debian/patches/cve-2008-2927.patch
--- pidgin-2.4.1/debian/patches/cve-2008-2927.patch 1970-01-01 00:00:00.000000000 +0000
+++ pidgin-2.4.1/debian/patches/cve-2008-2927.patch 2008-07-10 16:37:29.000000000 +0000
@@ -0,0 +1,24 @@
+diff -ur pidgin-2.4.1.orig/libpurple/protocols/msn/slplink.c pidgin-2.4.1/libpurple/protocols/msn/slplink.c
+--- pidgin-2.4.1.orig/libpurple/protocols/msn/slplink.c 2008-03-31 17:21:24.000000000 +0000
++++ pidgin-2.4.1/libpurple/protocols/msn/slplink.c 2008-07-10 14:39:47.000000000 +0000
+@@ -596,7 +596,7 @@
+ }
+ else if (slpmsg->size)
+ {
+- if ((offset + len) > slpmsg->size)
++ if (G_MAXSIZE - len < offset || (offset + len) > slpmsg->size)
+ {
+ purple_debug_error("msn", "Oversized slpmsg - msgsize=%lld offset=%d len=%d\n", slpmsg->size, offset, len);
+ g_return_if_reached();
+diff -ur pidgin-2.4.1.orig/libpurple/protocols/msnp9/slplink.c pidgin-2.4.1/libpurple/protocols/msnp9/slplink.c
+--- pidgin-2.4.1.orig/libpurple/protocols/msnp9/slplink.c 2008-03-31 17:21:24.000000000 +0000
++++ pidgin-2.4.1/libpurple/protocols/msnp9/slplink.c 2008-07-10 14:40:21.000000000 +0000
+@@ -595,7 +595,7 @@
+ }
+ else if (slpmsg->size)
+ {
+- if ((offset + len) > slpmsg->size)
++ if (G_MAXSIZE - len < offset || (offset + len) > slpmsg->size)
+ {
+ purple_debug_error("msn", "Oversized slpmsg\n");
+ g_return_if_reached();
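Review bot: The new guard in both slplink.c hunks (msn and msnp9) still depends on the operand types, which are declared outside the hunk. The `%lld` in the msn log line suggests `slpmsg->size` is a signed 64-bit value, and if so a negative size would be converted to a very large unsigned number in `(offset + len) > slpmsg->size`, so the check would pass for any offset. A form that avoids the addition and the `G_MAXSIZE` assumption would be `if (slpmsg->size < 0 || offset > (guint64)slpmsg->size || len > (guint64)slpmsg->size - offset)`, with the cast adjusted to the real declarations. The same log line prints `offset` and `len` with `%d`, which looks too narrow for values being bounded against `G_MAXSIZE`; confirm the specifiers against the declarations. The msnp9 message logs no values at all, so adding the same three fields there would make a rejected message diagnosable.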