Package "pidgin-dev"
Name: pidgin-dev
Description: multi-protocol instant messaging client - development files
Latest version: 1:2.10.3-0ubuntu1.8
Release: precise (12.04)
Level: updates
Repository: main
Head package: pidgin
Homepage: http://www.pidgin.im
Changelog
pidgin (1:2.10.3-0ubuntu1.8) precise-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds write when stripping xml
- debian/patches/CVE-2017-2640.patch: improve entity processing in
libpurple/util.c.
- CVE-2017-2640
-- Marc Deslauriers <email address hidden> Mon, 13 Mar 2017 14:31:38 -0400
pidgin (1:2.10.3-0ubuntu1.7) precise-security; urgency=medium
* SECURITY UPDATE: denial of service and code execution in MXIT protocol
- debian/patches/CVE-2016-*.patch: fix multiple issues.
- CVE-2016-2365
- CVE-2016-2366
- CVE-2016-2367
- CVE-2016-2368
- CVE-2016-2369
- CVE-2016-2370
- CVE-2016-2371
- CVE-2016-2372
- CVE-2016-2373
- CVE-2016-2374
- CVE-2016-2375
- CVE-2016-2376
- CVE-2016-2377
- CVE-2016-2378
- CVE-2016-2380
- CVE-2016-4323
-- Marc Deslauriers <email address hidden> Tue, 12 Jul 2016 09:12:35 -0400
CVE-2016-2365: MXIT Markup Command Denial of Service Vulnerability
CVE-2016-2366: MXIT Table Command Denial of Service Vulnerability
CVE-2016-2367: MXIT Avatar Length Memory Disclosure Vulnerability
CVE-2016-2368: MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities
CVE-2016-2369: MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability
CVE-2016-2370: MXIT Custom Resource Denial of Service Vulnerability
CVE-2016-2371: MXIT Extended Profiles Code Execution Vulnerability
CVE-2016-2372: MXIT File Transfer Length Memory Disclosure Vulnerability
CVE-2016-2373: MXIT Contact Mood Denial of Service Vulnerability
CVE-2016-2374: MXIT MultiMX Message Code Execution Vulnerability
CVE-2016-2375: MXIT Suggested Contacts Memory Disclosure Vulnerability
CVE-2016-2376: MXIT read stage 0x3 Code Execution Vulnerability
CVE-2016-2377: MXIT HTTP Content-Length Buffer Overflow Vulnerability
CVE-2016-2378: MXIT get_utf8_string Code Execution Vulnerability
CVE-2016-2380: MXIT mxit_convert_markup_tx Information Leak Vulnerability
CVE-2016-4323: MXIT Splash Image Arbitrary File Overwrite Vulnerability
pidgin (1:2.10.3-0ubuntu1.6) precise-security; urgency=medium
* SECURITY UPDATE: insufficient ssl certificate validation
- debian/patches/CVE-2014-3694.patch: fix basic constraints checking in
libpurple/certificate.c, libpurple/certificate.h,
libpurple/plugins/ssl/ssl-gnutls.c, libpurple/plugins/ssl/ssl-nss.c.
- CVE-2014-3694
* SECURITY UPDATE: denial of service via malformed MXit emoticon response
- debian/patches/CVE-2014-3695.patch: properly check lengths in
libpurple/protocols/mxit/markup.c.
- CVE-2014-3695
* SECURITY UPDATE: denial of service via malformed Groupwise message
- debian/patches/CVE-2014-3696.patch: check sizes in
libpurple/protocols/novell/nmevent.c.
- CVE-2014-3696
* SECURITY UPDATE: XMPP information leak
- debian/patches/CVE-2014-3698.patch: fix leaks in
libpurple/protocols/jabber/jutil.c.
- CVE-2014-3698
-- Marc Deslauriers <email address hidden> Mon, 27 Oct 2014 11:48:53 -0400
pidgin (1:2.10.3-0ubuntu1.5) precise-security; urgency=medium
* SECURITY UPDATE: memory corruption via crafted message from gadu-gadu
file relay server
- debian/patches/CVE-2014-3775.patch: check relay_count in
libpurple/protocols/gg/lib/dcc7.c
- CVE-2014-3775
-- Marc Deslauriers <email address hidden> Tue, 20 May 2014 11:11:00 -0400
pidgin (1:2.10.3-0ubuntu1.4) precise-security; urgency=medium
* SECURITY UPDATE: remote crash in yahoo via incorrect char encoding
- debian/patches/CVE-2012-6152.patch: validate strings as utf-8
before parsing in libpurple/protocols/yahoo/{libymsg,yahoo_aliases,
yahoo_filexfer,yahoo_friend,yahoo_picture,yahoochat}.c.
- CVE-2012-6152
* SECURITY UPDATE: crash via bad XMPP timestamp
- debian/patches/CVE-2013-6477.patch: properly handle invalid
timestamps in libpurple/{conversation,log,server}.c.
- CVE-2013-6477
* SECURITY UPDATE: crash via hovering pointer over long URL
- debian/patches/CVE-2013-6478.patch: set max lengths in
pidgin/gtkimhtml.c.
- CVE-2013-6478
* SECURITY UPDATE: remote crash via HTTP response parsing
- debian/patches/CVE-2013-6479.patch: don't implicitly trust
Content-Length in libpurple/util.c.
- CVE-2013-6479
* SECURITY UPDATE: remote crash via yahoo P2P message
- debian/patches/CVE-2013-6481.patch: perform bounds checking in
libpurple/protocols/yahoo/libymsg.c.
- CVE-2013-6481
* SECURITY UPDATE: crashes via MSN NULL pointer dereferences
- debian/patches/CVE-2013-6482.patch: fix NULL pointers in
libpurple/protocols/msn/{msg,oim,soap}.c.
- CVE-2013-6482
* SECURITY UPDATE: iq reply spoofing via incorrect from verification
- debian/patches/CVE-2013-6483.patch: verify from field on iq replies
in libpurple/protocols/jabber/{iq.*,jabber.c,jutil.*}.
- CVE-2013-6483
* SECURITY UPDATE: crash via response from STUN server
- debian/patches/CVE-2013-6484.patch: validate len in libpurple/stun.c.
- CVE-2013-6484
* SECURITY UPDATE: buffer overflow in chunked HTTP response parsing
- debian/patches/CVE-2013-6485.patch: limit chunk size in
libpurple/util.c.
- CVE-2013-6485
* SECURITY UPDATE: buffer overflow in gadu-gadu HTTP parsing
- debian/patches/CVE-2013-6487.patch: limit length in
libpurple/protocols/gg/lib/http.c.
- CVE-2013-6487
* SECURITY UPDATE: buffer overflow in MXit emoticon parsing
- debian/patches/CVE-2013-6489.patch: check return code in
libpurple/protocols/mxit/markup.c.
- CVE-2013-6489
* SECURITY UPDATE: buffer overflow in SIMPLE header parsing
- debian/patches/CVE-2013-6490.patch: use g_new in
libpurple/protocols/simple/simple.c and check length in
libpurple/protocols/simple/sipmsg.c.
- CVE-2013-6490
* SECURITY UPDATE: crash via IRC argument parsing
- debian/patches/CVE-2014-0020.patch: fix arg handling in
libpurple/protocols/irc/msgs.c, fix counts in
libpurple/protocols/irc/parse.c.
- CVE-2014-0020
-- Marc Deslauriers <email address hidden> Wed, 05 Feb 2014 15:58:24 -0500