Your message dated Thu, 18 Feb 2010 15:53:04 +0000
with message-id <[email protected]>
and subject line Bug#566775: fixed in pidgin 2.6.6-1
has caused the Debian Bug report #566775,
regarding pidgin: CVE-2010-0277 denial-of-service
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
566775: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566775
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pidgin
Version: 2.6.5-2
Severity: important
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for pidgin.
CVE-2010-0277[0]:
| slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and
| Adium 1.3.8 allows remote attackers to cause a denial of service
| (memory corruption) or possibly have unspecified other impact via
| unknown vectors, a different issue than CVE-2010-0013.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277
http://security-tracker.debian.org/tracker/CVE-2010-0277
--- End Message ---
--- Begin Message ---
Source: pidgin
Source-Version: 2.6.6-1
We believe that the bug you reported is fixed in the latest version of
pidgin, which is due to be installed in the Debian FTP archive:
finch-dev_2.6.6-1_all.deb
to main/p/pidgin/finch-dev_2.6.6-1_all.deb
finch_2.6.6-1_amd64.deb
to main/p/pidgin/finch_2.6.6-1_amd64.deb
libpurple-bin_2.6.6-1_all.deb
to main/p/pidgin/libpurple-bin_2.6.6-1_all.deb
libpurple-dev_2.6.6-1_all.deb
to main/p/pidgin/libpurple-dev_2.6.6-1_all.deb
libpurple0_2.6.6-1_amd64.deb
to main/p/pidgin/libpurple0_2.6.6-1_amd64.deb
pidgin-data_2.6.6-1_all.deb
to main/p/pidgin/pidgin-data_2.6.6-1_all.deb
pidgin-dbg_2.6.6-1_amd64.deb
to main/p/pidgin/pidgin-dbg_2.6.6-1_amd64.deb
pidgin-dev_2.6.6-1_all.deb
to main/p/pidgin/pidgin-dev_2.6.6-1_all.deb
pidgin_2.6.6-1.debian.tar.gz
to main/p/pidgin/pidgin_2.6.6-1.debian.tar.gz
pidgin_2.6.6-1.dsc
to main/p/pidgin/pidgin_2.6.6-1.dsc
pidgin_2.6.6-1_amd64.deb
to main/p/pidgin/pidgin_2.6.6-1_amd64.deb
pidgin_2.6.6.orig.tar.bz2
to main/p/pidgin/pidgin_2.6.6.orig.tar.bz2
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ari Pollak <[email protected]> (supplier of updated pidgin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Format: 1.8
Date: Tue, 16 Feb 2010 16:50:02 -0500
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev
libpurple-dev libpurple-bin
Architecture: source all amd64
Version: 2.6.6-1
Distribution: unstable
Urgency: high
Maintainer: Ari Pollak <[email protected]>
Changed-By: Ari Pollak <[email protected]>
Description:
finch - text-based multi-protocol instant messaging client
finch-dev - text-based multi-protocol instant messaging client - development
libpurple-bin - multi-protocol instant messaging library - extra utilities
libpurple-dev - multi-protocol instant messaging library - development files
libpurple0 - multi-protocol instant messaging library
pidgin - graphical multi-protocol instant messaging client for X
pidgin-data - multi-protocol instant messaging client - data files
pidgin-dbg - Debugging symbols for Pidgin
pidgin-dev - multi-protocol instant messaging client - development files
Closes: 566775
Changes:
 pidgin (2.6.6-1) unstable; urgency=high
 .
   * New upstream release
     - Fixes a remote MSN SLP crash (CVE-2010-0277) (Closes: #566775)
     - Fixes a remote Finch XMPP crash (CVE-2010-0420)
     - Fixes a remote smiley freeze/CPU pegging DoS (CVE-2010-0423)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---