This bug was fixed in the package pidgin - 1:2.4.1-1ubuntu2.8 --------------- pidgin (1:2.4.1-1ubuntu2.8) hardy-security; urgency=low
* SECURITY UPDATE: denial of service via TOPIC message - debian/patches/87_security_CVE-2009-2703.patch: validate args in libpurple/protocols/irc/msgs.c. - CVE-2009-2703 * SECURITY UPDATE: information disclosure via incorrect jabber TLS handling - debian/patches/88_security_CVE-2009-3026.patch: bail out if encryption is not available in libpurple/protocols/jabber/auth.c. - CVE-2009-3026 * SECURITY UPDATE: denial of service via malformed SLP invite message - debian/patches/89_security_CVE-2009-3083.patch: validate branch, content_type and content in libpurple/protocols/msn/slp.c and libpurple/protocols/msnp9/slp.c. - CVE-2009-3083 * SECURITY UPDATE: denial of service via crafted contact list data - debian/patches/90_security_CVE-2009-3615.patch: validate contact list structure in libpurple/protocols/oscar/oscar.c. - CVE-2009-3615 * SECURITY UPDATE: denial of service via specially formulated long filename (LP: #245769) - previous 72_SECURITY_CVE-2008-2955.patch patch was incomplete - debian/patches/91_security_CVE-2008-2955-2.patch: change src/protocols/msnp9/[slplink.c,slpcall.*] to make sure xfer structure still exists before putting dest_fp in it. - CVE-2008-2955 * SECURITY UPDATE: arbitrary code execution via crafted MSN message - previous 83_security_CVE-2009-1376.patch patch was incomplete - debian/patches/92_security_CVE-2009-1376-2.patch: switch offset variable to guint64 in libpurple/protocols/msnp9/slplink.c. - CVE-2009-1376 * Fix connection issue with MSN (LP: #494002) - debian/patches/93_msn_protocol8.patch: use protocol v8 in libpurple/protocols/msnp9/session.c, as it seems v9 isn't supported by msn anymore. -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Fri, 15 Jan 2010 12:56:44 -0500 ** Changed in: pidgin (Ubuntu) Status: Confirmed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-2955 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-1376 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-2703 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-3026 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-3083 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-3615 -- [hardy] Failing to connect to MSN with 'protocol is not supported' error https://bugs.launchpad.net/bugs/494002 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs