oem-qa team mailing list archive

Thread
Date

[Bug 383335] Re: Please update pidgin to fix security vulnerabilities

To: oem-qa@xxxxxxxxxxxxxxxxxxx
From: Chris Wayne <chris.wayne@xxxxxxxxxxxxx>
Date: Tue, 16 Jun 2009 18:24:24 -0000
Reply-to: Bug 383335 <383335@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: dell-mini
       Status: New => Confirmed

-- 
Please update pidgin to fix security vulnerabilities
https://bugs.launchpad.net/bugs/383335
You received this bug notification because you are a member of OEM
Services QA, which is subscribed to The Dell Mini Project.

Status in Dell Inspiron Mini with Custom Dell UI: Confirmed

Bug description:
Pidgin in generic hardy has been update to fix three security vulnerabilities. The patches should be applied to tpidgin for the mini. Note that pidgin for the mini is in version 1:2.4.3ubuntu1~hardy1netbook5.

pidgin (1:2.4.1-1ubuntu2.4) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service or possible code execution in XMPP
    file transfer
    - debian/patches/81_security_CVE-2009-1373.patch: calculate lengths
      correctly in libpurple/protocols/jabber/si.c.
    - CVE-2009-1373
  * SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
    - debian/patches/82_security_CVE-2009-1375.patch: add an additional
      check in libpurple/circbuffer.c.
    - CVE-2009-1375
  * SECURITY UPDATE: arbitrary code execution via crafted MSN message
    - debian/patches/83_security_CVE-2009-1376.patch: switch offset
      variable to guint64 in libpurple/protocols/msn/slplink.c.
    - CVE-2009-1376

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Mon, 25 May 2009 17:24:40 +0200

References

[Bug 383335] [NEW] Please update pidgin to fix security vulnerabilities
From: feranick, 2009-06-03