-
pidgin (1:2.10.9-0ubuntu3.4) trusty-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds write when stripping xml
- debian/patches/CVE-2017-2640.patch: improve entity processing in
libpurple/util.c.
- CVE-2017-2640
-- Marc Deslauriers <email address hidden> Mon, 13 Mar 2017 14:30:53 -0400
-
pidgin (1:2.10.9-0ubuntu3.3) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service and code execution in MXIT protocol
- debian/patches/CVE-2016-*.patch: fix multiple issues.
- CVE-2016-2365
- CVE-2016-2366
- CVE-2016-2367
- CVE-2016-2368
- CVE-2016-2369
- CVE-2016-2370
- CVE-2016-2371
- CVE-2016-2372
- CVE-2016-2373
- CVE-2016-2374
- CVE-2016-2375
- CVE-2016-2376
- CVE-2016-2377
- CVE-2016-2378
- CVE-2016-2380
- CVE-2016-4323
-- Marc Deslauriers <email address hidden> Tue, 12 Jul 2016 08:54:12 -0400
-
pidgin (1:2.10.9-0ubuntu3.2) trusty-security; urgency=medium
* SECURITY UPDATE: insufficient ssl certificate validation
- debian/patches/CVE-2014-3694.patch: fix basic constraints checking in
libpurple/certificate.c, libpurple/certificate.h,
libpurple/plugins/ssl/ssl-gnutls.c, libpurple/plugins/ssl/ssl-nss.c.
- CVE-2014-3694
* SECURITY UPDATE: denial of service via malformed MXit emoticon response
- debian/patches/CVE-2014-3695.patch: properly check lengths in
libpurple/protocols/mxit/markup.c.
- CVE-2014-3695
* SECURITY UPDATE: denial of service via malformed Groupwise message
- debian/patches/CVE-2014-3696.patch: check sizes in
libpurple/protocols/novell/nmevent.c.
- CVE-2014-3696
* SECURITY UPDATE: XMPP information leak
- debian/patches/CVE-2014-3698.patch: fix leaks in
libpurple/protocols/jabber/jutil.c.
- CVE-2014-3698
-- Marc Deslauriers <email address hidden> Mon, 27 Oct 2014 11:36:20 -0400
-
pidgin (1:2.10.9-0ubuntu3.1) trusty-security; urgency=medium
* SECURITY UPDATE: memory corruption via crafted message from gadu-gadu
file relay server
- debian/patches/CVE-2014-3775.patch: check relay_count in
libpurple/protocols/gg/lib/dcc7.c
- CVE-2014-3775
-- Marc Deslauriers <email address hidden> Tue, 20 May 2014 11:08:53 -0400
-
pidgin (1:2.10.9-0ubuntu3) trusty; urgency=medium
* debian/patches/xmessagingmenu.patch: change the .in file as well
so the changes are not overwriten when regenerating
-- Sebastien Bacher <email address hidden> Wed, 09 Apr 2014 19:00:52 +0200
-
pidgin (1:2.10.9-0ubuntu2) trusty; urgency=medium
* debian/control: remove libgadu-dev from Build-Depends. Pidgin has been
using its own libgadu since at least precise, and the useless
dependency is pulling libgadu into main.
-- Marc Deslauriers <email address hidden> Mon, 10 Feb 2014 10:15:42 -0500
-
pidgin (1:2.10.9-0ubuntu1) trusty; urgency=medium
* New upstream version, thanks Jackson Doak (lp: #1275113)
CVE-2012-6152, CVE-2013-6477, CVE-2013-6478, CVE-2013-6479,
CVE-2013-6481, CVE-2013-6482, CVE-2013-6483, CVE-2013-6484,
CVE-2013-6485, CVE-2013-6486, CVE-2013-6487, CVE-2013-6489,
CVE-2013-6490, CVE-2014-0020.
-- Sebastien Bacher <email address hidden> Thu, 06 Feb 2014 16:17:33 +0000
-
pidgin (1:2.10.7-0ubuntu4.2) trusty; urgency=low
* Rebuild for Perl 5.18.
-- Colin Watson <email address hidden> Tue, 22 Oct 2013 12:18:43 +0100
-
pidgin (1:2.10.7-0ubuntu4.1) raring-proposed; urgency=low
* Add hg-remove-SIGCHLD-handler.patch: Fix hanging on startup.
Backport of upstream commit from 3.0 (LP: #1108056)
-- Robert Hooker <email address hidden> Sat, 20 Apr 2013 15:40:16 -0400
