This bug was fixed in the package pidgin - 1:2.10.11-0ubuntu2
---------------
pidgin (1:2.10.11-0ubuntu2) wily; urgency=medium
* debian/control:
- Build-depend on libgstreamer1.0-dev, libgstreamer-plugins-base1.0-dev,
libfarstream-0.2
- Recommend gstreamer1.0-plugins-base, gstreamer1.0-plugins-good
* debian/patches/gstreamer1.patch:
- Use gstreamer 1.0 (LP: #1295207)
-- Robert Ancell <[email protected]> Fri, 29 May 2015
11:28:51 +1200
** Changed in: pidgin (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pidgin in Ubuntu.
https://bugs.launchpad.net/bugs/1402424
Title:
Update to latest upstream release (2.10.11)
Status in pidgin package in Ubuntu:
Fix Released
Bug description:
Update to latest upstream release (2.10.11) in vivid.
Upstream changelog https://developer.pidgin.im/wiki/ChangeLog:
version 2.10.11 (11/23/14)
General
Fix handling of Self-Signed SSL/TLS Certificates when using the NSS
plugin
Improve default cipher suites used with the NSS plugin
Add NSS Preferences plugin which allows the SSL/TLS Versions and
cipher suites to be configured
Gadu-Gadu
Fix a bug that prevented plugin to load when compiled without GnuTLS.
(mancha)
Fix build for platforms without AF_LOCAL definition.
MSN
Fix broken login due to server change (dx, TReKiE).
Fail early when buddy list is unavailable instead of wasting
bandwidth endlessly re-trying.
version 2.10.10 (10/22/2014)
General
Check the basic constraints extension when validating SSL/TLS
certificates. This fixes a security hole that allowed a malicious
man-in-the-middle to impersonate an IM server or any other https endpoint. This
affected both the NSS and GnuTLS plugins. (Discovered by an anonymous person
and Jacob Appelbaum of the Tor Project, with thanks to Moxie Marlinspike for
first publishing about this type of vulnerability. Thanks to Kai Engert for
guidance and for some of the NSS changes) (CVE-2014-3694)
Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL.
(Elrond and Ashish Gupta)
libpurple3 compatibility
Encrypted account passwords are preserved until the new one is set.
Fix loading Google Talk and Facebook XMPP accounts.
Windows-Specific Changes
Don't allow overwriting arbitrary files on the file system when the
user installs a smiley theme via drag-and-drop. (Discovered by Yves Younan of
Cisco Talos) (CVE-2014-3697)
Updates to dependencies
NSS 3.17.1 and NSPR 4.10.7
Finch
Fix build against Python 3. (Ed Catmur)
Gadu-Gadu
Updated internal libgadu to version 1.12.0.
Groupwise
Fix potential remote crash parsing server message that indicates that
a large amount of memory should be allocated. (Discovered by Yves Younan and
Richard Johnson of Cisco Talos) (CVE-2014-3696)
IRC
Fix a possible leak of unencrypted data when using /me command with
OTR. (Thijs Alkemade)
MXit
Fix potential remote crash parsing a malformed emoticon response.
(Discovered by Yves Younan and Richard Johnson of Cisco Talos) (CVE-2014-3695)
XMPP
Fix potential information leak where a malicious XMPP server and
possibly even a malicious remote user could create a carefully crafted XMPP
message that causes libpurple to send an XMPP message containing arbitrary
memory. (Discovered and fixed by Thijs Alkemade and Paul Aurich) (CVE-2014-3698)
Fix Facebook XMPP roster quirks.
Yahoo
Fix login when using the GnuTLS library for TLS connections.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1402424/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
