lp://staging/ubuntu/karmic-security/pidgin

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

59. By Marc Deslauriers on 2010-11-03

* SECURITY UPDATE: denial of service via custom emoticon
  - debian/patches/68_CVE-2010-1624.patch: make sure body is valid in
    libpurple/protocols/msn/slp.c.
  - CVE-2010-1624
* SECURITY UPDATE: denial of service via base64 decoding (LP: #666998)
  - debian/patches/69_CVE-2010-3711.patch: correctly handle
    purple_base64_decode return codes in libpurple/ntlm.c,
    libpurple/plugins/perl/common/Util.xs,
    libpurple/protocols/{jabber/auth.c,msn/slp.c,myspace/message.c,
    oscar/clientlogin.c,qq/im.c,yahoo/libymsg.c}.
  - CVE-2010-3711

58. By Marc Deslauriers on 2010-02-18

* SECURITY UPDATE: denial of service via malformed SLP message
  - debian/patches/65_security_CVE-2010-0277.patch: validate input in
    libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
  - CVE-2010-0277
* SECURITY UPDATE: denial of service via certain nicknames in Finch
  - debian/patches/66_security_CVE-2010-0420.patch: properly unescape
    text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
    libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
  - CVE-2010-0420
* SECURITY UPDATE: denial of service via large number of smileys
  - debian/patches/67_security_CVE-2010-0423.patch: limit the number of
    smileys in pidgin/gtkimhtml.c.
  - CVE-2010-0423

57. By Marc Deslauriers on 2010-01-14

* SECURITY UPDATE: denial of service via crafted contact list data
  - debian/patches/63_security_CVE-2009-3615.patch: validate contact
    list structure in libpurple/protocols/oscar/oscar.c.
  - CVE-2009-3615
* SECURITY UPDATE: directory traversal via custom smiley request
  (LP: #501089)
  - debian/patches/64_security_CVE-2010-0013.patch: ignore request for
    smileys that don't exist in the image store in
    libpurple/protocols/msn/slp.c.
  - CVE-2010-0013

56. By Felix Geyer on 2009-10-09

* Don't stick the buddy list window to all desktops as some
  window managers have trouble to properly unstick it (LP: #346840)
  - debian/patches/11_buddy_list_really_show.patch
* Always use default tray icon size on KDE (LP: #209440)
  - debian/patches/62_tray_icon_size_kde.patch
* Use scrollbars in the preferences dialog if the screen height is
  below 700 px instead of 600 px
  - debian/patches/60_1024x600_gtkprefs.c.patch

55. By Loïc Minier on 2009-09-27

* Move the pidgin-libnotify recommends from libpurple0 to pidgin as this is
  a pidgin-specific plugin (calls pidgin_*()); ideally this plugin should be
  moved to a pidgin specific dir instead of /usr/lib/purple-2/, but
  /usr/lib/pidgin/ doesn't work.
* Rename XS-Vcs-* to XS-Debian-Vcs-*.

54. By Sebastien Bacher on 2009-09-25

* debian/control:
  - Recommends pidgin-libnotify

53. By Sebastien Bacher on 2009-09-25

* debian/pidgin.postinst:
  - use preinst rather and do some tweaking

[ Ken VanDine ]
* debian/rules:
  - Moved the indicator launcher to /usr/share (LP: #434097)
* debian/pidgin.postinst:
  - remove the old indicator from /etc and remove the directory
    if it is empty

52. By Sebastien Bacher on 2009-09-14

* debian/rules:
  - install a launcher in the message indicator (lp: #424490)

51. By Artur Rona on 2009-09-06

* debian/patches/61_proxy_settings.patch:
  - Use gnome-network-properties instead of gnome-network-preferences.

50. By Sebastien Bacher on 2009-09-07

New version sync on debian