All Ubuntu package versions



Package "pidgin"

Name: pidgin

Description:

graphical multi-protocol instant messaging client for X
Pidgin is a graphical, modular Instant Messaging client capable of using
AIM/ICQ, Yahoo!, MSN, IRC, Jabber, Napster, Zephyr, Gadu-Gadu, Bonjour,
Groupwise, Sametime, SILC, and SIMPLE all at once.

Some extra packages are recommended to use the core functionality present
in most pidgin installations:
* gstreamer0.10-plugins-base, gstreamer0.10-plugins-good
  - Sound support.

More extra packages are suggested to use increased functionality:
* gnome-panel | kicker | docker:
  - To use the system tray icon functionality (minimizing to an icon, having
    the icon blink when there are new messages, etc.)
* evolution-data-server:
  - For interfacing with an Evolution address book
* libsqlite3-0:
  - To use Contact Availability Prediction plugin

Latest version: 1:2.4.1-1ubuntu2.10
Release: hardy (8.04)
Level: security
Repository: main
Homepage: http://www.pidgin.im

Links

Save this URL for the latest version of "pidgin": http://www.ubuntuupdates.org/pidgin


Other versions of "pidgin" in Hardy

Repository  Area      Version
base        main      1:2.4.1-1ubuntu2
base        universe  1:2.4.1-1ubuntu2
security    universe  1:2.4.1-1ubuntu2.10
updates     main      1:2.4.1-1ubuntu2.10
updates     universe  1:2.4.1-1ubuntu2.10
backports   main      1:2.5.2-0ubuntu1.2~hardy1

Packages in group

Deleted packages are displayed in grey.

finch finch-dev libpurple-bin libpurple-dev libpurple0
pidgin-data pidgin-dbg pidgin-dev

Change Log

Version: 1:2.4.1-1ubuntu2.10 2010-11-04 14:01:23 UTC

pidgin (1:2.4.1-1ubuntu2.10) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via custom emoticon
    - debian/patches/94_security_CVE-2010-1624.patch: make sure body is
      valid in libpurple/protocols/{msn,msnp9}/slp.c.
    - CVE-2010-1624
  * SECURITY UPDATE: denial of service via base64 decoding (LP: #666998)
    - debian/patches/94_security_CVE-2010-3711.patch: correctly handle
      purple_base64_decode return codes in libpurple/ntlm.c,
      libpurple/protocols/{jabber/auth.c,msn/slp.c,msnp9/slp.c,
      myspace/message.c,yahoo/yahoo.c}.
    - CVE-2010-3711

 -- Marc Deslauriers Wed, 03 Nov 2010 09:36:41 -0400

CVE-2010-1624 The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a den
CVE-2010-3711 libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated u
666998 pidgin: "CVE-2010-3711 security vulnerability in pidgin < 2.7.4"

Version: 1:2.4.1-1ubuntu2.9 2010-02-22 17:01:23 UTC

pidgin (1:2.4.1-1ubuntu2.9) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via malformed SLP message
    - debian/patches/94_security_CVE-2010-0277.patch: validate input in
      libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
    - CVE-2010-0277
  * SECURITY UPDATE: denial of service via certain nicknames in Finch
    - debian/patches/94_security_CVE-2010-0420.patch: properly unescape
      text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
      libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
    - CVE-2010-0420
  * SECURITY UPDATE: denial of service via large number of smileys
    - debian/patches/94_security_CVE-2010-0423.patch: limit the number of
      smileys in pidgin/gtkimhtml.c.
    - CVE-2010-0423

 -- Marc Deslauriers Thu, 18 Feb 2010 14:57:08 -0500

CVE-2010-0277 slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and ...
CVE-2010-0420 pidgin crash
CVE-2010-0423 pidgin remote denial-of-service

Version: 1:2.4.1-1ubuntu2.8 2010-01-18 16:01:40 UTC

pidgin (1:2.4.1-1ubuntu2.8) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via TOPIC message
    - debian/patches/87_security_CVE-2009-2703.patch: validate args in
      libpurple/protocols/irc/msgs.c.
    - CVE-2009-2703
  * SECURITY UPDATE: information disclosure via incorrect jabber TLS
    handling
    - debian/patches/88_security_CVE-2009-3026.patch: bail out if
      encryption is not available in libpurple/protocols/jabber/auth.c.
    - CVE-2009-3026
  * SECURITY UPDATE: denial of service via malformed SLP invite message
    - debian/patches/89_security_CVE-2009-3083.patch: validate branch,
      content_type and content in libpurple/protocols/msn/slp.c and
      libpurple/protocols/msnp9/slp.c.
    - CVE-2009-3083
  * SECURITY UPDATE: denial of service via crafted contact list data
    - debian/patches/90_security_CVE-2009-3615.patch: validate contact
      list structure in libpurple/protocols/oscar/oscar.c.
    - CVE-2009-3615
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - previous 72_SECURITY_CVE-2008-2955.patch patch was incomplete
    - debian/patches/91_security_CVE-2008-2955-2.patch: change
      src/protocols/msnp9/[slplink.c,slpcall.*] to make sure xfer structure
      still exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: arbitrary code execution via crafted MSN message
    - previous 83_security_CVE-2009-1376.patch patch was incomplete
    - debian/patches/92_security_CVE-2009-1376-2.patch: switch offset
      variable to guint64 in libpurple/protocols/msnp9/slplink.c.
    - CVE-2009-1376
  * Fix connection issue with MSN (LP: #494002)
    - debian/patches/93_msn_protocol8.patch: use protocol v8 in
      libpurple/protocols/msnp9/session.c, as it seems v9 isn't supported
      by msn anymore.

 -- Marc Deslauriers Fri, 15 Jan 2010 12:56:44 -0500

245769 pidgin: "[CVE-2008-2955, -2956, -2957] Pidgin denial of service vulnerabilities"
494002 pidgin: "[hardy] Failing to connect to MSN with 'protocol is not supported' error"


