UbuntuUpdates.org

Package "pidgin-data"

Name: pidgin-data

Description:

multi-protocol instant messaging client - data files

Latest version: 1:2.10.9-0ubuntu3.4
Release: trusty (14.04)
Level: security
Repository: main
Head package: pidgin
Homepage: http://www.pidgin.im

Links


Download "pidgin-data"


Other versions of "pidgin-data" in Trusty

Repository Area Version
base main 1:2.10.9-0ubuntu3
updates main 1:2.10.9-0ubuntu3.4
PPA: Pidgin 1:2.10.11-1ubuntu0+pidgin7.14.04

Changelog

Version: 1:2.10.9-0ubuntu3.4 2017-03-14 13:06:51 UTC

  pidgin (1:2.10.9-0ubuntu3.4) trusty-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds write when stripping xml
    - debian/patches/CVE-2017-2640.patch: improve entity processing in
      libpurple/util.c.
    - CVE-2017-2640

 -- Marc Deslauriers <email address hidden> Mon, 13 Mar 2017 14:30:53 -0400

Source diff to previous version
CVE-2017-2640 Out-of-bounds write when stripping xml

Version: 1:2.10.9-0ubuntu3.3 2016-07-12 18:06:49 UTC

  pidgin (1:2.10.9-0ubuntu3.3) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and code execution in MXIT protocol
    - debian/patches/CVE-2016-*.patch: fix multiple issues.
    - CVE-2016-2365
    - CVE-2016-2366
    - CVE-2016-2367
    - CVE-2016-2368
    - CVE-2016-2369
    - CVE-2016-2370
    - CVE-2016-2371
    - CVE-2016-2372
    - CVE-2016-2373
    - CVE-2016-2374
    - CVE-2016-2375
    - CVE-2016-2376
    - CVE-2016-2377
    - CVE-2016-2378
    - CVE-2016-2380
    - CVE-2016-4323

 -- Marc Deslauriers <email address hidden> Tue, 12 Jul 2016 08:54:12 -0400

Source diff to previous version
CVE-2016-2365 MXIT Markup Command Denial of Service Vulnerability
CVE-2016-2366 MXIT Table Command Denial of Service Vulnerability
CVE-2016-2367 MXIT Avatar Length Memory Disclosure Vulnerability
CVE-2016-2368 MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities
CVE-2016-2369 MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability
CVE-2016-2370 MXIT Custom Resource Denial of Service Vulnerability
CVE-2016-2371 MXIT Extended Profiles Code Execution Vulnerability
CVE-2016-2372 MXIT File Transfer Length Memory Disclosure Vulnerability
CVE-2016-2373 MXIT Contact Mood Denial of Service Vulnerability
CVE-2016-2374 MXIT MultiMX Message Code Execution Vulnerability
CVE-2016-2375 MXIT Suggested Contacts Memory Disclosure Vulnerability
CVE-2016-2376 MXIT read stage 0x3 Code Execution Vulnerability
CVE-2016-2377 MXIT HTTP Content-Length Buffer Overflow Vulnerability
CVE-2016-2378 MXIT get_utf8_string Code Execution Vulnerability
CVE-2016-2380 MXIT mxit_convert_markup_tx Information Leak Vulnerability
CVE-2016-4323 MXIT Splash Image Arbitrary File Overwrite Vulnerability

Version: 1:2.10.9-0ubuntu3.2 2014-10-28 15:06:40 UTC

  pidgin (1:2.10.9-0ubuntu3.2) trusty-security; urgency=medium

  * SECURITY UPDATE: insufficient ssl certificate validation
    - debian/patches/CVE-2014-3694.patch: fix basic constraints checking in
      libpurple/certificate.c, libpurple/certificate.h,
      libpurple/plugins/ssl/ssl-gnutls.c, libpurple/plugins/ssl/ssl-nss.c.
    - CVE-2014-3694
  * SECURITY UPDATE: denial of service via malformed MXit emoticon response
    - debian/patches/CVE-2014-3695.patch: properly check lengths in
      libpurple/protocols/mxit/markup.c.
    - CVE-2014-3695
  * SECURITY UPDATE: denial of service via malformed Groupwise message
    - debian/patches/CVE-2014-3696.patch: check sizes in
      libpurple/protocols/novell/nmevent.c.
    - CVE-2014-3696
  * SECURITY UPDATE: XMPP information leak
    - debian/patches/CVE-2014-3698.patch: fix leaks in
      libpurple/protocols/jabber/jutil.c.
    - CVE-2014-3698
 -- Marc Deslauriers <email address hidden> Mon, 27 Oct 2014 11:36:20 -0400

Source diff to previous version

Version: 1:2.10.9-0ubuntu3.1 2014-05-21 13:07:30 UTC

  pidgin (1:2.10.9-0ubuntu3.1) trusty-security; urgency=medium

  * SECURITY UPDATE: memory corruption via crafted message from gadu-gadu
    file relay server
    - debian/patches/CVE-2014-3775.patch: check relay_count in
      libpurple/protocols/gg/lib/dcc7.c
    - CVE-2014-3775
 -- Marc Deslauriers <email address hidden> Tue, 20 May 2014 11:08:53 -0400

CVE-2014-3775 memory corruption



About   -   Send Feedback to @ubuntu_updates