*** This bug is a security vulnerability ***

Public security bug reported:

Pidgin in generic hardy has been updated to fix three security
vulnerabilities. The patches should be applied to pidgin for the mini.
Note that pidgin for the mini is in version
1:2.4.3ubuntu1~hardy1netbook5.

pidgin (1:2.4.1-1ubuntu2.4) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service or possible code execution in XMPP
    file transfer
    - debian/patches/81_security_CVE-2009-1373.patch: calculate lengths
      correctly in libpurple/protocols/jabber/si.c.
    - CVE-2009-1373
  * SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
    - debian/patches/82_security_CVE-2009-1375.patch: add an additional
      check in libpurple/circbuffer.c.
    - CVE-2009-1375
  * SECURITY UPDATE: arbitrary code execution via crafted MSN message
    - debian/patches/83_security_CVE-2009-1376.patch: switch offset
      variable to guint64 in libpurple/protocols/msn/slplink.c.
    - CVE-2009-1376

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Mon, 25 May 2009 17:24:40 +0200

** Affects: dell-mini
     Importance: Undecided
         Status: New

** Description changed:

  Pidgin in generic hardy has been update to fix three security
  vulnerabilities. The patches should be applied to tpidgin for the mini.
  Note that pidgin for the mini is in version
  1:2.4.3ubuntu1~hardy1netbook5.

  pidgin (1:2.4.1-1ubuntu2.4) hardy-security; urgency=low

    * SECURITY UPDATE: denial of service or possible code execution in XMPP
      file transfer
      - debian/patches/81_security_CVE-2009-1373.patch: calculate lengths
        correctly in libpurple/protocols/jabber/si.c.
      - CVE-2009-1373
    * SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
      - debian/patches/82_security_CVE-2009-1375.patch: add an additional
        check in libpurple/circbuffer.c.
      - CVE-2009-1375
    * SECURITY UPDATE: arbitrary code execution via crafted MSN message
      - debian/patches/83_security_CVE-2009-1376.patch: switch offset
        variable to guint64 in libpurple/protocols/msn/slplink.c.
      - CVE-2009-1376
- pidgin (1:2.4.1-1ubuntu2.4) hardy-security; urgency=low
-
-   * SECURITY UPDATE: denial of service or possible code execution in XMPP
-     file transfer
-     - debian/patches/81_security_CVE-2009-1373.patch: calculate lengths
-       correctly in libpurple/protocols/jabber/si.c.
-     - CVE-2009-1373
-   * SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
-     - debian/patches/82_security_CVE-2009-1375.patch: add an additional
-       check in libpurple/circbuffer.c.
-     - CVE-2009-1375
-   * SECURITY UPDATE: arbitrary code execution via crafted MSN message
-     - debian/patches/83_security_CVE-2009-1376.patch: switch offset
-       variable to guint64 in libpurple/protocols/msn/slplink.c.
-     - CVE-2009-1376

   -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Mon, 25 May 2009 17:24:40 +0200

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1373

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1375

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1376

** This bug has been flagged as a security vulnerability

-- 
Please update pidgin to fix security vulnerabilities
https://bugs.launchpad.net/bugs/383335
You received this bug notification because you are a member of OEM
Services QA, which is subscribed to The Dell Mini Project.

Status in Dell Inspiron Mini with Custom Dell UI: New

_______________________________________________
Mailing list: https://launchpad.net/~oem-qa
Post to     : oem-qa@lists.launchpad.net
Unsubscribe : https://launchpad.net/~oem-qa
More help   : https://help.launchpad.net/ListHelp