All Ubuntu package versions



Package "finch-dev"

Name: finch-dev

Description:

text-based multi-protocol instant messaging client - development
This package contains the headers and other development files not included in
the main finch package. Install this if you wish to compile your own plugins,
or would like to compile programs that use the libgnt library.

Latest version: 1:2.4.1-1ubuntu2.10
Release: hardy (8.04)
Level: security
Repository: main
Head package: pidgin
Homepage: http://www.pidgin.im

Links

Save this URL for the latest version of "finch-dev": http://www.ubuntuupdates.org/finch-dev


Other versions of "finch-dev" in Hardy

Repository  Area  Version
base        main  1:2.4.1-1ubuntu2
updates     main  1:2.4.1-1ubuntu2.10
backports   main  1:2.5.2-0ubuntu1.2~hardy1

Change Log

Version: 1:2.4.1-1ubuntu2.10 2010-11-04 14:01:23 UTC

pidgin (1:2.4.1-1ubuntu2.10) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via custom emoticon
    - debian/patches/94_security_CVE-2010-1624.patch: make sure body is
      valid in libpurple/protocols/{msn,msnp9}/slp.c.
    - CVE-2010-1624
  * SECURITY UPDATE: denial of service via base64 decoding (LP: #666998)
    - debian/patches/94_security_CVE-2010-3711.patch: correctly handle
      purple_base64_decode return codes in libpurple/ntlm.c,
      libpurple/protocols/{jabber/auth.c,msn/slp.c,msnp9/slp.c,
      myspace/message.c,yahoo/yahoo.c}.
    - CVE-2010-3711

 -- Marc Deslauriers Wed, 03 Nov 2010 09:36:41 -0400

CVE-2010-1624 The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a den
CVE-2010-3711 libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated u
666998 pidgin: "CVE-2010-3711 security vulnerability in pidgin < 2.7.4"

Version: 1:2.4.1-1ubuntu2.9 2010-02-22 17:01:23 UTC

pidgin (1:2.4.1-1ubuntu2.9) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via malformed SLP message
    - debian/patches/94_security_CVE-2010-0277.patch: validate input in
      libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
    - CVE-2010-0277
  * SECURITY UPDATE: denial of service via certain nicknames in Finch
    - debian/patches/94_security_CVE-2010-0420.patch: properly unescape
      text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
      libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
    - CVE-2010-0420
  * SECURITY UPDATE: denial of service via large number of smileys
    - debian/patches/94_security_CVE-2010-0423.patch: limit the number of
      smileys in pidgin/gtkimhtml.c.
    - CVE-2010-0423

 -- Marc Deslauriers Thu, 18 Feb 2010 14:57:08 -0500

CVE-2010-0277 slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and ...
CVE-2010-0420 pidgin crash
CVE-2010-0423 pidgin remote denial-of-service

Version: 1:2.4.1-1ubuntu2.8 2010-01-18 16:01:40 UTC

pidgin (1:2.4.1-1ubuntu2.8) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via TOPIC message
    - debian/patches/87_security_CVE-2009-2703.patch: validate args in
      libpurple/protocols/irc/msgs.c.
    - CVE-2009-2703
  * SECURITY UPDATE: information disclosure via incorrect jabber TLS
    handling
    - debian/patches/88_security_CVE-2009-3026.patch: bail out if
      encryption is not available in libpurple/protocols/jabber/auth.c.
    - CVE-2009-3026
  * SECURITY UPDATE: denial of service via malformed SLP invite message
    - debian/patches/89_security_CVE-2009-3083.patch: validate branch,
      content_type and content in libpurple/protocols/msn/slp.c and
      libpurple/protocols/msnp9/slp.c.
    - CVE-2009-3083
  * SECURITY UPDATE: denial of service via crafted contact list data
    - debian/patches/90_security_CVE-2009-3615.patch: validate contact
      list structure in libpurple/protocols/oscar/oscar.c.
    - CVE-2009-3615
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - previous 72_SECURITY_CVE-2008-2955.patch patch was incomplete
    - debian/patches/91_security_CVE-2008-2955-2.patch: change
      src/protocols/msnp9/[slplink.c,slpcall.*] to make sure xfer structure
      still exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: arbitrary code execution via crafted MSN message
    - previous 83_security_CVE-2009-1376.patch patch was incomplete
    - debian/patches/92_security_CVE-2009-1376-2.patch: switch offset
      variable to guint64 in libpurple/protocols/msnp9/slplink.c.
    - CVE-2009-1376
  * Fix connection issue with MSN (LP: #494002)
    - debian/patches/93_msn_protocol8.patch: use protocol v8 in
      libpurple/protocols/msnp9/session.c, as it seems v9 isn't supported
      by msn anymore.

 -- Marc Deslauriers Fri, 15 Jan 2010 12:56:44 -0500

245769 pidgin: "[CVE-2008-2955, -2956, -2957] Pidgin denial of service vulnerabilities"
494002 pidgin: "[hardy] Failing to connect to MSN with 'protocol is not supported' error"


