This bug was fixed in the package pidgin - 1:2.10.0-0ubuntu2.1

---------------
pidgin (1:2.10.0-0ubuntu2.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Remote denial of service via specially crafted AIM or
    ICQ messages (LP: #958208)
    - debian/patches/CVE-2011-4601.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4601
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP
    voice and video chat requests (LP: #958208)
    - debian/patches/CVE-2011-4602.patch: Validate fields in incoming voice
      and video chat requests. Based on upstream patch.
    - CVE-2011-4602
  * SECURITY UPDATE: Remote denial of service via specially crafted SILC
    messages (LP: #958208)
    - debian/patches/CVE-2011-4603.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4603
  * SECURITY UPDATE: Remote denial of service via nickname changes in XMPP
    chat rooms (LP: #958208)
    - debian/patches/CVE-2011-4939.patch: Ensure pointer is non-NULL prior
      to dereferencing it. Based on upstream patch.
    - CVE-2011-4939
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    offline messages (LP: #958208)
    - debian/patches/CVE-2012-1178.patch: Convert incoming offline messages
      to UTF-8 if they are not already UTF-8. Based on upstream patch.
    - CVE-2012-1178
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP
    file transfer requests (LP: #996691)
    - debian/patches/CVE-2012-2214.patch: Properly tear down SOCKS5
      connection attempts. Based on upstream patch.
    - CVE-2012-2214
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/CVE-2012-2318.patch: Convert incoming messages to
      UTF-8, then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374

 -- Tyler Hicks <tyhi...@canonical.com>  Sun, 08 Jul 2012 18:14:21 -0500

** Changed in: pidgin (Ubuntu Lucid)
       Status: Triaged => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-4922

https://bugs.launchpad.net/bugs/958208

Title:
  Backport security fixes from Pidgin 2.10.1 and 2.10.2