Important Security Bug #
Pidgin Security Advisory
Title MSN Remote Nudge DoS
Date27 September 2007
CVE NameCVE-2007-4996
Discovered By Evan Schoenberg
Summary MSN nudges sent from unknown buddies can cause libpurple to crash
Description A remote MSN user that is not on the
We know about new version, not need to copy the changes on a closed bug
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
pidgin (1:2.2.0-1ubuntu1) gutsy; urgency=low
* Sync with Debian (LP: #139686)
* debian/control:
- Build-Depends on liblaunchpad-integration-dev, intltool, libnm-glib-dev
- don't Build-Depends on libsilc-1.1-2-dev | libsilc-dev (= 1.1.1),
the library is in universe
- changed
The previous debdiff dropped the Debian changes and the beta freeze is
tomorrow so I've merged on Debian and uploaded 2.2.0, thanks everybody
for the work and testing
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of
I tested the new packages and also quickly reviewed the debdiff. I don't
see a significant difference to 2.1.1, though (Jabber is still broken,
see bug 116170, rest works as usual).
OK from my side if the desktop team wants to take this.
--
Pidgin 2.2.0 in Gutsy
Please keep in mind while/if considering implementing this:
http://developer.pidgin.im/ticket/3092
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs
Thanks Flávio for providing the binary. Until now it runs without
crashes for me. I will continue testing.
Can you please check #52801? In my eyes proxy settings is still an issue
in pidgin under ubuntu.
In the windows version you have a global pidgin setting allowing you to
set a proxy/noproxy
** Attachment added: ubuntu proxy settings
http://launchpadlibrarian.net/9337205/proxy%20settings%20ubuntu.png
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
Upgrade from deb http://ppa.launchpad.net/zanglang/ubuntu gutsy main
does not work at all for me.
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs
Sorry, that's because the PPA does not have amd64 packages (yet?).
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
Sorry, for some reason 2.2.0~ppa2 is still on Pending Removal status
for my PPA and not starting the rebuild for both architectures yet. I'm
not quite sure what's causing the delay... still getting the hang of
these packaging stuff. :)
I hope my package is not what's causing the problems. Not
** Tags added: upgrade
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
Please test the new packages of pidgin at
deb http://ppa.launchpad.net/xhaker/ubuntu gutsy main
(take in mind the repository also contains other software packages)
Attaching the proper debdiff for ubuntu1 here.
** Attachment added: Pidgin-2.2.0-1 merge from debian (debdiff)
+1 :D
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
could user stop adding +1 comment, that has no use and you are
creating extra mail load for maintainers and slow the packaging of the
new version
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Please provide a PPA with the new version, so that it can get some more
widespread testing. I am willing to consider it, but for the same reason
why so many of you want the new version, we cant risk major regressions
due to it either.
--
Pidgin 2.2.0 in Gutsy
... and slow the packaging of the next version...
So it's happening then?
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
no, it's not, today is sunday which is a non working day in Europe, I'll
have a look next week rather
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs
I'm doing this as per: https://wiki.ubuntu.com/FreezeExceptionProcess
#head-9523bc4076ff011324d67cddc97969ec609618d6
code: diff -ruN pidgin-2.1.1/ pidgin-2.2.0/ | diffstat diffstat.txt
** Attachment added: diffstat.txt
http://launchpadlibrarian.net/9295551/diffstat.txt
--
Pidgin 2.2.0 in
I'm doing this as per: https://wiki.ubuntu.com/FreezeExceptionProcess
#head-9523bc4076ff011324d67cddc97969ec609618d6
code: diff -u pidgin-2.1.1/ChangeLog pidgin-2.2.0/ChangeLog
changelog.diff
** Attachment added: changelog.diff
http://launchpadlibrarian.net/9295553/changelog.diff
--
Pidgin
Then finally,
code: diff -u pidgin-2.1.1/ pidgin-2.2.0/ changes_patch.diff
** Attachment added: changes_patch.diff
http://launchpadlibrarian.net/929/changes_patch.diff
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a
Oops Ive realised that i shouldn't have marked it as confirmed, as
confirmed in a freeze exception request means that it's been accepted.
Marking as new,
** Changed in: pidgin (Ubuntu)
Status: Confirmed = New
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received
https://launchpad.net/~zanglang/+archive
deb http://ppa.launchpad.net/zanglang/ubuntu gutsy main
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs
TERRIBLY SORRY.
The last one didn't have the recursive function running. Here's the new
patch.diff:
code: diff -ru pidgin-2.1.1/ pidgin-2.2.0/ changes_patch2.diff
** Attachment added: changes_patch2.diff
http://launchpadlibrarian.net/9295698/changes_patch2.diff
--
Pidgin 2.2.0 in Gutsy
pidgin is in Main, not Universe, so I've unsubscribed MOTU-UVF. You
need to follow the process for a Main UVFe, not a Universe one.
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug
Well, for UVFe, it states:
* An excerpt from the upstream changelog and/or release notes listing (only)
the changes relative to the current version in Ubuntu
-- which I did:
https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/139686/comments/20, and
so did Murat:
I added 'deb http://ppa.launchpad.net/zanglang/ubuntu gutsy main' via
Software Sources and then ran the update in the terminal.
I've attached the log.
** Attachment added: pidgin-bash_terminal-20070916.txt
http://launchpadlibrarian.net/9296933/pidgin-bash_terminal-20070916.txt
--
Pidgin
As far as I can tell, everything is running swell, including Finch.
Here's a screenshot.
** Attachment added: pidgin-2.2.0.png
http://launchpadlibrarian.net/9296937/pidgin-2.2.0.png
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you
I've been using the above packages for the past several days.
There was one case of an isolated crash, but I've been unable to
reproduce this crash since. Everything seems to work just fine - all
very stable.
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug
i got a Segmentation Fault by running Pidgin 2.2.0 from deb
http://ppa.launchpad.net/zanglang/ubuntu gutsy main:
[EMAIL PROTECTED]:~$ pidgin
bad image index
bad image index
bad image index
bad image index
Segmentation fault (core dumped)
Anyone an idea what i did wrong or maybe has the same
I tryed to run Pidgin as Root and it works without Root-Rights it crashs
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
It's in Sid:
http://packages.debian.org/sid/pidgin
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
Excellent! So it's just a simple merge :)
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
+1 from for the request. Sadfully the Debian did not package 2.2.0 yet
so we cannot just sync from there and need to package by or own. So this
might get an issue as we already have Tribe5. On the other hand the
mixture of fixes and new features should be a great benefit at all.
--
Pidgin 2.2.0
+1
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
** Description changed:
- Pidgin is one of the most used applications in Ubuntu for almost all new
Users.
- The new version 2.2.0 already available contains more than 130 bugfixes some
of them marked as critical
- Should we include this in Gutsy in order to give a better experience to that
1+
I also think that Pidgin 2.2.0 should make it into gutsy.
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
** Changed in: pidgin (Ubuntu)
Status: New = Incomplete
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
+1
The Jabber-Improvements sounds very great
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
+1
** Changed in: pidgin (Ubuntu)
Status: Incomplete = Confirmed
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
subscribing ubuntu release.
Or is this covered under the blanket GNOME exception?
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
No is not...
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
+1
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
+1 all these bug fixes and new protocols... it must be worth it :D
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
+1 Please ;)
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
+1
These bugfixes are so important! Pidgin is, as the OP said, one of the most
used applications. It should be the best it can be as it will be a primary
feature of Ubuntu Gutsy.
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are
** Changed in: pidgin (Ubuntu)
Sourcepackagename: None = pidgin
--
Pidgin 2.2.0 in Gutsy
https://bugs.launchpad.net/bugs/139686
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
Upstream changelog:
Version 2.2.0 (09/13/2007):
http://developer.pidgin.im/query?status=closedmilestone=2.2.0
Libpurple:
* New protocol plugin: MySpaceIM (Jeff Connelly, Google Summer of
Code)
* XMPP enhancements. See
48 matches
Mail list logo