  * SECURITY UPDATE: denial of service via TOPIC message
    - debian/patches/87_security_CVE-2009-2703.patch: validate args in
      libpurple/protocols/irc/msgs.c.
    - CVE-2009-2703
  * SECURITY UPDATE: information disclosure via incorrect jabber TLS
    handling
    - debian/patches/88_security_CVE-2009-3026.patch: bail out if
      encryption is not available in libpurple/protocols/jabber/auth.c.
    - CVE-2009-3026
  * SECURITY UPDATE: denial of service via malformed SLP invite message
    - debian/patches/89_security_CVE-2009-3083.patch: validate branch,
      content_type and content in libpurple/protocols/msn/slp.c and
      libpurple/protocols/msnp9/slp.c.
    - CVE-2009-3083
  * SECURITY UPDATE: denial of service via crafted contact list data
    - debian/patches/90_security_CVE-2009-3615.patch: validate contact
      list structure in libpurple/protocols/oscar/oscar.c.
    - CVE-2009-3615
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - previous 72_SECURITY_CVE-2008-2955.patch patch was incomplete
    - debian/patches/91_security_CVE-2008-2955-2.patch: change
      src/protocols/msnp9/[slplink.c,slpcall.*] to make sure xfer structure
      still exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: arbitrary code execution via crafted MSN message
    - previous 83_security_CVE-2009-1376.patch patch was incomplete
    - debian/patches/92_security_CVE-2009-1376-2.patch: switch offset
      variable to guint64 in libpurple/protocols/msnp9/slplink.c.
    - CVE-2009-1376
  * Fix connection issue with MSN (LP: #494002)
    - debian/patches/93_msn_protocol8.patch: use protocol v8 in
      libpurple/protocols/msnp9/session.c, as it seems v9 isn't supported
      by msn anymore.
 -- Marc Deslauriers <email address hidden> Fri, 15 Jan 2010 12:56:44 -0500
This bug was fixed in the package pidgin - 1:2.4.1-1ubuntu2.8
---------------
pidgin (1:2.4.1-1ubuntu2.8) hardy-security; urgency=low