-
pidgin (1:2.10.11-0ubuntu4.2) wily-security; urgency=medium
* SECURITY UPDATE: denial of service and code execution in MXIT protocol
- debian/patches/CVE-2016-*.patch: fix multiple issues.
- CVE-2016-2365
- CVE-2016-2366
- CVE-2016-2367
- CVE-2016-2368
- CVE-2016-2369
- CVE-2016-2370
- CVE-2016-2371
- CVE-2016-2372
- CVE-2016-2373
- CVE-2016-2374
- CVE-2016-2375
- CVE-2016-2376
- CVE-2016-2377
- CVE-2016-2378
- CVE-2016-2380
- CVE-2016-4323
-- Marc Deslauriers <email address hidden> Tue, 12 Jul 2016 08:49:31 -0400
-
pidgin (1:2.10.11-0ubuntu4.1) wily; urgency=medium
* debian/patches/hg_gst_leak.patch:
"When receiving an error or stream finished message, we can free the
Gstreamer pipeline so we don't leak it for each sound." (lp: #1479715)
-- Sebastien Bacher <email address hidden> Tue, 23 Feb 2016 11:38:09 +0100
-
pidgin (1:2.10.11-0ubuntu4) wily; urgency=medium
* No change rebuild against libfarstream-0.2-5
-- Robert Ancell <email address hidden> Thu, 25 Jun 2015 20:23:27 +1200
-
pidgin (1:2.10.11-0ubuntu3) wily; urgency=medium
* debian/control:
- Build-depend on python3
- libpurple-bin depends on python3, python3-dbus
- Add missing depend on dbus for libpurple-bin
* debian/patches/python3.patch:
- Use Python 3 (LP: #1440390)
-- Robert Ancell <email address hidden> Thu, 11 Jun 2015 09:42:14 +1200
-
pidgin (1:2.10.11-0ubuntu2) wily; urgency=medium
* debian/control:
- Build-depend on libgstreamer1.0-dev, libgstreamer-plugins-base1.0-dev,
libfarstream-0.2
- Recommend gstreamer1.0-plugins-base, gstreamer1.0-plugins-good
* debian/patches/gstreamer1.patch:
- Use gstreamer 1.0 (LP: #1295207)
-- Robert Ancell <email address hidden> Fri, 29 May 2015 11:28:51 +1200
-
pidgin (1:2.10.11-0ubuntu1) wily; urgency=medium
* New upstream release (LP: #1402424)
* debian/patches/CVE-2014-3775.patch:
* debian/patches/CVE-2014-3698.patch:
* debian/patches/CVE-2014-3696.patch:
* debian/patches/CVE-2014-3695.patch:
* debian/patches/CVE-2014-3694.patch:
- Applied upstream
* debian/libpurple0.symbols:
- Updated
-- Robert Ancell <email address hidden> Fri, 29 May 2015 10:51:05 +1200
-
pidgin (1:2.10.9-0ubuntu8) vivid; urgency=medium
* SECURITY UPDATE: insufficient ssl certificate validation
- debian/patches/CVE-2014-3694.patch: fix basic constraints checking in
libpurple/certificate.c, libpurple/certificate.h,
libpurple/plugins/ssl/ssl-gnutls.c, libpurple/plugins/ssl/ssl-nss.c.
- CVE-2014-3694
* SECURITY UPDATE: denial of service via malformed MXit emoticon response
- debian/patches/CVE-2014-3695.patch: properly check lengths in
libpurple/protocols/mxit/markup.c.
- CVE-2014-3695
* SECURITY UPDATE: denial of service via malformed Groupwise message
- debian/patches/CVE-2014-3696.patch: check sizes in
libpurple/protocols/novell/nmevent.c.
- CVE-2014-3696
* SECURITY UPDATE: XMPP information leak
- debian/patches/CVE-2014-3698.patch: fix leaks in
libpurple/protocols/jabber/jutil.c.
- CVE-2014-3698
-- Marc Deslauriers <email address hidden> Tue, 28 Oct 2014 08:11:48 -0400
