-
pidgin (1:2.5.5-1ubuntu8.6) jaunty-security; urgency=low
* SECURITY UPDATE: denial of service via malformed SLP message
- debian/patches/85_security_CVE-2010-0277.patch: validate input in
libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
- CVE-2010-0277
* SECURITY UPDATE: denial of service via certain nicknames in Finch
- debian/patches/86_security_CVE-2010-0420.patch: properly unescape
text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
- CVE-2010-0420
* SECURITY UPDATE: denial of service via large number of smileys
- debian/patches/87_security_CVE-2010-0423.patch: limit the number of
smileys in pidgin/gtkimhtml.c.
- CVE-2010-0423
-- Marc Deslauriers <email address hidden> Thu, 18 Feb 2010 14:37:45 -0500
-
pidgin (1:2.5.5-1ubuntu8.5) jaunty-security; urgency=low
* SECURITY UPDATE: denial of service via TOPIC message
- debian/patches/79_security_CVE-2009-2703.patch: validate args in
libpurple/protocols/irc/msgs.c.
- CVE-2009-2703
* SECURITY UPDATE: information disclosure via incorrect jabber TLS
handling
- debian/patches/80_security_CVE-2009-3026.patch: bail out if
encryption is not available in libpurple/protocols/jabber/auth.c.
- CVE-2009-3026
* SECURITY UPDATE: denial of service via malformed SLP invite message
- debian/patches/81_security_CVE-2009-3083.patch: validate branch,
content_type and content in libpurple/protocols/msn/slp.c.
- CVE-2009-3083
* SECURITY UPDATE: denial of service via XHTML-IM content with cid: images
- debian/patches/82_security_CVE-2009-3085.patch: validate raw_data in
libpurple/protocols/jabber/data.c.
- CVE-2009-3085
* SECURITY UPDATE: denial of service via crafted contact list data
- debian/patches/83_security_CVE-2009-3615.patch: validate contact
list structure in libpurple/protocols/oscar/oscar.c.
- CVE-2009-3615
* SECURITY UPDATE: directory traversal via custom smiley request
(LP: #501089)
- debian/patches/84_security_CVE-2010-0013.patch: ignore request for
smileys that don't exist in the image store in
libpurple/protocols/msn/slp.c, backport purple_strequal in
libpurple/util.{c,h}.
- CVE-2010-0013
-- Marc Deslauriers <email address hidden> Thu, 14 Jan 2010 13:31:58 -0500
-
pidgin (1:2.5.5-1ubuntu8.4) jaunty-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted MSNSLP packet
(LP: #415863)
- debian/patches/78_security_CVE-2009-2694.patch: properly destroy
slpmsg in libpurple/protocols/{msn,msnp9}/slplink.c.
- CVE-2009-2694
-- Marc Deslauriers <email address hidden> Wed, 19 Aug 2009 12:49:11 -0400
-
pidgin (1:2.5.5-1ubuntu8.3) jaunty-security; urgency=low
* SECURITY UPDATE: denial of service via ICQWebMessage message type in
OSCAR protocol. (LP: #393736)
- debian/patches/77_security_CVE-2009-1889.patch: make the check better
in libpurple/protocols/oscar/oscar.c, only allocate memory if len is
valid in libpurple/protocols/oscar/bstream.c.
- CVE-2009-1889
-- Marc Deslauriers <email address hidden> Fri, 03 Jul 2009 11:04:38 -0400
-
pidgin (1:2.5.5-1ubuntu8.2) jaunty-proposed; urgency=low
* debian/patches/50_yahoo_16_auth.patch: Add patch backported from upstream
version 2.5.7 to fix connection problems connecting to Yahoo! instant
messenger. Previous versions of pidgin were using an old authentication
method which was disabled by Yahoo!. This patch switches to using the new
authentication method, version 16. (LP: #389322) References:
- http://theflamingbanker.blogspot.com/2009/06/some-clarification-on-yahoo-issues.html
- http://developer.pidgin.im/ticket/8853
-- Iain Lane <email address hidden> Thu, 25 Jun 2009 13:27:48 +0100
-
pidgin (1:2.5.5-1ubuntu8.1) jaunty-security; urgency=low
* SECURITY UPDATE: denial of service or possible code execution in XMPP
file transfer
- debian/patches/73_security_CVE-2009-1373.patch: calculate lengths
correctly in libpurple/protocols/jabber/si.c.
- CVE-2009-1373
* SECURITY UPDATE: denial of service in the QQ protocol decryption
handler
- debian/patches/74_security_CVE-2009-1374.patch: make sure count64
hasn't reached zero in libpurple/protocols/qq/qq_crypt.c.
- CVE-2009-1374
* SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
- debian/patches/75_security_CVE-2009-1375.patch: add an additional
check in libpurple/circbuffer.c.
- CVE-2009-1375
* SECURITY UPDATE: arbitrary code execution via crafted MSN message
- debian/patches/76_security_CVE-2009-1376.patch: switch offset
variable to guint64 in libpurple/protocols/msn/slplink.c.
- CVE-2009-1376
-- Marc Deslauriers <email address hidden> Mon, 25 May 2009 14:27:06 +0200
-
pidgin (1:2.5.5-1ubuntu8) jaunty; urgency=low
* debian/patches/72_upstream_change_fix_jabber_crasher.patch:
- upstream change to fix crash on jabber when using a custom image
(lp: #357949)
-- Sebastien Bacher <email address hidden> Thu, 09 Apr 2009 18:12:03 +0200
-
pidgin (1:2.5.5-1ubuntu7) jaunty; urgency=low
* debian/patches/71_upstream_change_fix_ssl_crasher.patch:
- upstream change to fix a crasher issue which has a lot of duplicates
(lp: #328878, #341434, #354272)
-- Sebastien Bacher <email address hidden> Thu, 09 Apr 2009 00:21:58 +0200
-
pidgin (1:2.5.5-1ubuntu6) jaunty; urgency=low
* debian/patches/62_dbus_fix.patch:
- The buddy list should be raised when launching a second time; this patch
from darkrain42 fixes a bug that prevented that behavior (LP: #354298)
-- Ken VanDine <email address hidden> Wed, 08 Apr 2009 14:00:07 -0400
-
pidgin (1:2.5.5-1ubuntu5) jaunty; urgency=low
* debian/patches/61_crash_on_close_349009.patch
- Patch from darkrain42 to fix a crasher bug triggered by closing
the buddy list with chat rooms open (LP: #349009)
-
pidgin (1:2.5.5-1ubuntu4) jaunty; urgency=low
* Adding debian/patches/13_sounds_and_timers.patch which adjusts
the time out for sounds to be 15 seconds, which helps get
fewer spurious login notifications on slow connections. Also,
switches a few long term timers to _add_seconds to get a little
bit of power savings. (LP: #345494)
-- Ken VanDine <email address hidden> Wed, 01 Apr 2009 14:43:23 -0400
-
pidgin (1:2.5.5-1ubuntu3) jaunty; urgency=low
* Backport fix from http://developer.pidgin.im/ticket/4845
to rate limit popups when AIM buddy list is unavailable
(LP: #345774)
-- Mackenzie Morgan <email address hidden> Sun, 22 Mar 2009 05:22:39 -0400
-
pidgin (1:2.5.5-1ubuntu2) jaunty; urgency=low
* Adding debian/patches/11_buddy_list_really_show.patch to make
it so that the buddy list tries harder to appear. This fixes
some issues with it not appearing. (LP: #341142)
* Adding debian/patches/10_docklet_default_off.patch to set the
default behavior to have no notification area icon. This fixes
(LP: #340366)
-- Ted Gould <email address hidden> Thu, 19 Mar 2009 00:49:56 -0500
-
pidgin (1:2.5.5-1ubuntu1) jaunty; urgency=low
* Merge from debian, remaining changes: (LP: #316636, #336647)
- debian/control:
+ Add Build-Deps on liblaunchpad-integration-dev, intltool,
network-manager-dev
+ Add epoch in dependencies
+ Drop the libpurple0 dependency on libpurple-bin
- debian/libpurple0.symbols: add epoch to symbol
- debian/pidgin-dbg.preinst, debian/pidgin-dev.preinst,
debian/pidgin.preinst: add epoch
- Update debian/prefs.xml to set the notify plugin prefs
/plugins/gtk/X11/notify/*, set /pidgin/plugins/loaded to load
the notify plugin and enable the standard logging options by default
- debian/rules:
+ remove --disable-nm as nm has been fixed in Ubuntu
+ Add X-Ubuntu-Gettext-Domain to the desktop file and update the
translation templates in common-install-impl::
- debian/patches:
+ 02_lpi.patch for LP integration
+ 04_let_crasher_for_apport.patch to stop catching the SIGSEGV signal
and let apport handle it
+ 05_default_to_irc_ubuntu_com.patch to set the default IRC
server to irc.ubuntu.com
+ 70_autoconf.patch
+ 60_1024x600_gtk*.c.patch: Add scrolled bars into account dialog,
pounce windows and preference window when screen height is less than 600.
* Adapt debian/patches/02_lpi.patch
* Re-generate debian/patches/70_autoconf.patch
* Remove debian/patches/fix-icons-backport-from-2.5.5mtn.diff as taken
upstream
-- Didier Roche <email address hidden> Mon, 09 Mar 2009 23:25:48 +0100
-
pidgin (1:2.5.4-2ubuntu2) jaunty; urgency=low
* 60_1024x600_gtkaccount.c.patch: Add scrolled bars into account dialog
when screen height is less than 600. (LP: #305019)
* 60_1024x600_gtkpounce.c.patch: Add scrolled bars into pounce window when
screen height is less than 600
* 60_1024x600_gtkprefs.c.patch: Add scrolled bars into preference window when
screen height is less than 600
-- Ying-Chun Liu (PaulLiu) <email address hidden> Wed, 25 Feb 2009 16:55:42 +0800
-
pidgin (1:2.5.4-2ubuntu1) jaunty; urgency=low
* Merge from debian, remaining changes: (LP: #316636)
- debian/control:
+ Add Build-Deps on liblaunchpad-integration-dev, intltool,
network-manager-dev
+ Add epoch in dependencies
+ Drop the libpurple0 dependency on libpurple-bin
- debian/libpurple0.symbols: add epoch to symbol
- debian/pidgin-dbg.preinst, debian/pidgin-dev.preinst,
debian/pidgin.preinst: add epoch
- Update debian/prefs.xml to set the notify plugin prefs
/plugins/gtk/X11/notify/*, set /pidgin/plugins/loaded to load
the notify plugin and enable the standard logging options by default
- debian/rules:
+ remove --disable-nm as nm has been fixed in Ubuntu
+ Add X-Ubuntu-Gettext-Domain to the desktop file and update the
translation templates in common-install-impl::
- debian/patches:
+ 02_lpi.patch for LP integration
+ 04_let_crasher_for_apport.patch to stop catching the SIGSEGV signal
and let apport handle it
+ 05_default_to_irc_ubuntu_com.patch to set the default IRC
server to irc.ubuntu.com
+ 70_autoconf.patch
+ fix-icons-backport-from-2.5.5mtn.diff:
Fix to see buddy icons for new Windows Live users.
The patch will be included in pidgin-2.5.5
-- Didier Roche <email address hidden> Mon, 23 Feb 2009 18:30:20 +0100
-
pidgin (1:2.5.3-0ubuntu3) jaunty; urgency=low
* fix-icons-backport-from-2.5.5mtn.diff: (LP: #319166).
Fix to see buddy icons for new Windows Live users.
The patch will be included in pidgin-2.5.5
-- Nicolo Chieffo <email address hidden> Mon, 9 Feb 2009 23:47:45 +0100
-
pidgin (1:2.5.3-0ubuntu2) jaunty; urgency=low
* no changes upload for nss/nspr SONAME mini-transition
-- Alexander Sack <email address hidden> Mon, 12 Jan 2009 16:22:12 +0100
-
pidgin (1:2.5.3-0ubuntu1) jaunty; urgency=low
* New upstream release (LP: #310691).
-- Nick Ellery <email address hidden> Sat, 27 Dec 2008 17:53:01 -0800
-
pidgin (1:2.5.2-0ubuntu1) intrepid; urgency=low
* New upstream version
* debian/patches/06_ssl_null_pointer_deref.patch:
- the change is in the new version
-- Sebastien Bacher <email address hidden> Wed, 22 Oct 2008 21:51:41 +0200