Package "libpurple0"
Name: |
libpurple0
|
Description: |
multi-protocol instant messaging library
|
Latest version: |
1:2.10.3-0ubuntu1.8 |
Release: |
precise (12.04) |
Level: |
security |
Repository: |
main |
Head package: |
pidgin |
Homepage: |
http://www.pidgin.im |
Links
Download "libpurple0"
Other versions of "libpurple0" in Precise
Changelog
pidgin (1:2.10.3-0ubuntu1.3) precise-security; urgency=low
* SECURITY UPDATE: file overwrite via MXit crafted pathname
- debian/patches/CVE-2013-0271.patch: properly escape filenames in
libpurple/protocols/mxit/formcmds.c,
libpurple/protocols/mxit/splashscreen.c.
- CVE-2013-0271
* SECURITY UPDATE: arbitrary code execution via long HTTP header in MXit
- debian/patches/CVE-2013-0272.patch: properly check lengths in
libpurple/protocols/mxit/http.c.
- CVE-2013-0272
* SECURITY UPDATE: denial of service via long user ID in Sametime
- debian/patches/CVE-2013-0273.patch: use g_strlcpy in
libpurple/protocols/sametime/sametime.c.
- CVE-2013-0273
* SECURITY UPDATE: denial of service via long UPnP responses
- debian/patches/CVE-2013-0274.patch: use g_strlcpy in libpurple/upnp.c.
- CVE-2013-0274
-- Marc Deslauriers <email address hidden> Thu, 21 Feb 2013 12:53:30 -0500
|
Source diff to previous version |
CVE-2013-0271 |
The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) |
CVE-2013-0272 |
Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long |
CVE-2013-0273 |
sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote server |
CVE-2013-0274 |
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a deni |
|
pidgin (1:2.10.3-0ubuntu1.1) precise-security; urgency=low
* SECURITY UPDATE: Remote denial of service via specially crafted XMPP file
transfer requests (LP: #996691)
- debian/patches/CVE-2012-2214.patch: Properly tear down SOCKS5
connection attempts. Based on upstream patch.
- CVE-2012-2214
* SECURITY UPDATE: Remote denial of service via specially crafted MSN
messages (LP: #996691)
- debian/patches/CVE-2012-2318.patch: Convert incoming messages to UTF-8,
then validate the messages. Based on upstream patch.
- CVE-2012-2318
* SECURITY UPDATE: Remote denial of service via specially crafted MXit
messages (LP: #1022012)
- debian/patches/CVE-2012-3374.patch: Use dynamically allocated memory
instead of a fixed size buffer. Based on upstream patch.
- CVE-2012-3374
-- Tyler Hicks <email address hidden> Sun, 08 Jul 2012 18:14:21 -0500
|
996691 |
Pidgin may be vulnerable to remote MSN and XMPP cra... |
1022012 |
(CVE-2012-3374) <pidgin-2.10.5: MXit buffer overfl... |
CVE-2012-2214 |
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authentic |
CVE-2012-2318 |
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to caus |
CVE-2012-3374 |
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a c |
|
About
-
Send Feedback to @ubuntu_updates