[Bug 958208] Re: Backport security fixes from Pidgin 2.10.1 and 2.10.2

Mon, 09 Jul 2012 11:21:22 -0700 

This bug was fixed in the package pidgin - 1:2.6.6-1ubuntu4.5

---------------
pidgin (1:2.6.6-1ubuntu4.5) lucid-security; urgency=low

  * SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
    messages (LP: #958208)
    - debian/patches/98_CVE-2011-4601.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4601
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
    and video chat requests (LP: #958208)
    - debian/patches/98_CVE-2011-4602.patch: Validate fields in incoming voice
      and video chat requests. Based on upstream patch.
    - CVE-2011-4602
  * SECURITY UPDATE: Remote denial of service via specially crafted SILC
    messages (LP: #958208)
    - debian/patches/98_CVE-2011-4603.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4603
  * SECURITY UPDATE: Information disclosure
    - debian/patches/98_CVE-2011-4922.patch: Properly clear memory regions
      when freeing memory containing security-sensitive data. Based on
      upstream patch.
    - CVE-2011-4922
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    offline messages (LP: #958208)
    - debian/patches/98_CVE-2012-1178.patch: Convert incoming offline messages
      to UTF-8 if they are not already UTF-8. Based on upstream patch.
    - CVE-2012-1178
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/98_CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/98_CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374
 -- Tyler Hicks <[email protected]>   Sun, 08 Jul 2012 18:14:21 -0500

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/958208

Title:
  Backport security fixes from Pidgin 2.10.1 and 2.10.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/958208/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to