UbuntuUpdates.org

Package "pidgin"

Name: pidgin

Description:

graphical multi-protocol instant messaging client for X

Latest version: 1:2.10.3-0ubuntu1.8
Release: precise (12.04)
Level: updates
Repository: main
Homepage: http://www.pidgin.im

Other versions of "pidgin" in Precise

Repository Area Version
base main 1:2.10.3-0ubuntu1
security main 1:2.10.3-0ubuntu1.8
PPA: Pidgin 1:2.10.11-1ubuntu0+pidgin7.12.04


Changelog

Version: 1:2.10.3-0ubuntu1.3 2013-02-25 16:06:50 UTC

  pidgin (1:2.10.3-0ubuntu1.3) precise-security; urgency=low

  * SECURITY UPDATE: file overwrite via MXit crafted pathname
    - debian/patches/CVE-2013-0271.patch: properly escape filenames in
      libpurple/protocols/mxit/formcmds.c,
      libpurple/protocols/mxit/splashscreen.c.
    - CVE-2013-0271
  * SECURITY UPDATE: arbitrary code execution via long HTTP header in MXit
    - debian/patches/CVE-2013-0272.patch: properly check lengths in
      libpurple/protocols/mxit/http.c.
    - CVE-2013-0272
  * SECURITY UPDATE: denial of service via long user ID in Sametime
    - debian/patches/CVE-2013-0273.patch: use g_strlcpy in
      libpurple/protocols/sametime/sametime.c.
    - CVE-2013-0273
  * SECURITY UPDATE: denial of service via long UPnP responses
    - debian/patches/CVE-2013-0274.patch: use g_strlcpy in libpurple/upnp.c.
    - CVE-2013-0274
 -- Marc Deslauriers <email address hidden> Thu, 21 Feb 2013 12:53:30 -0500

CVE-2013-0271 The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2)
CVE-2013-0272 Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long
CVE-2013-0273 sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote server
CVE-2013-0274 upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a deni

Version: 1:2.10.3-0ubuntu1.2 2013-02-19 13:06:59 UTC

  pidgin (1:2.10.3-0ubuntu1.2) precise-proposed; urgency=low

  * debian/patches/pounce-webview.patch (LP: #1026442)
    - Buddy pounce - send message window too short
 -- Ritesh Khadgaray <email address hidden> Wed, 09 Jan 2013 17:50:06 +0530

1026442 Buddy pounce - send message window too short

Version: 1:2.10.3-0ubuntu1.1 2012-07-09 21:06:49 UTC

  pidgin (1:2.10.3-0ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP file
    transfer requests (LP: #996691)
    - debian/patches/CVE-2012-2214.patch: Properly tear down SOCKS5
      connection attempts. Based on upstream patch.
    - CVE-2012-2214
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374
 -- Tyler Hicks <email address hidden> Sun, 08 Jul 2012 18:14:21 -0500

996691 Pidgin may be vulnerable to remote MSN and XMPP cra...
1022012 (CVE-2012-3374) <pidgin-2.10.5: MXit buffer overfl...
CVE-2012-2214 proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authentic
CVE-2012-2318 msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to caus
CVE-2012-3374 Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a c


