This bug was fixed in the package pidgin - 1:2.4.1-1ubuntu2.8
---------------
pidgin (1:2.4.1-1ubuntu2.8) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via TOPIC message
    - debian/patches/87_security_CVE-2009-2703.patch: validate args in
      libpurple/protocols/irc/msgs.c.
    - CVE-2009-2703
  * SECURITY UPDATE: information disclosure via incorrect jabber TLS
    handling
    - debian/patches/88_security_CVE-2009-3026.patch: bail out if
      encryption is not available in libpurple/protocols/jabber/auth.c.
    - CVE-2009-3026
  * SECURITY UPDATE: denial of service via malformed SLP invite message
    - debian/patches/89_security_CVE-2009-3083.patch: validate branch,
      content_type and content in libpurple/protocols/msn/slp.c and
      libpurple/protocols/msnp9/slp.c.
    - CVE-2009-3083
  * SECURITY UPDATE: denial of service via crafted contact list data
    - debian/patches/90_security_CVE-2009-3615.patch: validate contact
      list structure in libpurple/protocols/oscar/oscar.c.
    - CVE-2009-3615
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - previous 72_SECURITY_CVE-2008-2955.patch patch was incomplete
    - debian/patches/91_security_CVE-2008-2955-2.patch: change
      src/protocols/msnp9/[slplink.c,slpcall.*] to make sure xfer structure
      still exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: arbitrary code execution via crafted MSN message
    - previous 83_security_CVE-2009-1376.patch patch was incomplete
    - debian/patches/92_security_CVE-2009-1376-2.patch: switch offset
      variable to guint64 in libpurple/protocols/msnp9/slplink.c.
    - CVE-2009-1376
  * Fix connection issue with MSN (LP: #494002)
    - debian/patches/93_msn_protocol8.patch: use protocol v8 in
      libpurple/protocols/msnp9/session.c, as it seems v9 isn't supported
      by msn anymore.

 -- Marc Deslauriers <[email protected]>  Fri, 15 Jan 2010 12:56:44 -0500

** Changed in: pidgin (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2955
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1376
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2703
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3026
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3083
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3615
--
[hardy] Failing to connect to MSN with 'protocol is not supported' error
https://bugs.launchpad.net/bugs/494002