[CVE-2011-4939] pidgin: XMPP remote crash

Related Vulnerabilities: CVE-2011-4939, CVE-2012-1178

Debian Bug report logs - #664028

Package: pidgin; Maintainer for pidgin is Ari Pollak <ari@debian.org>; Source for pidgin is src:pidgin.

Reported by: Luciano Bello <luciano@debian.org>

Date: Wed, 14 Mar 2012 23:00:05 UTC

Severity: grave

Tags: patch, security

Found in version pidgin/2.10.1-1

Fixed in version pidgin/2.10.2-1

Done: Ari Pollak <ari@debian.org>

Bug is archived. No further changes may be made.



Information forwarded to debian-bugs-dist@lists.debian.org, Ari Pollak <ari@debian.org>:
Bug#664028; Package pidgin. (Wed, 14 Mar 2012 23:00:08 GMT).


Acknowledgement sent to Luciano Bello <luciano@debian.org>:
Extra info received and forwarded to list. Copy sent to Ari Pollak <ari@debian.org>. (Wed, 14 Mar 2012 23:00:08 GMT).


Message #5 received at submit@bugs.debian.org:

From: Luciano Bello <luciano@debian.org>
To: submit@bugs.debian.org
Subject: [CVE-2011-4939] pidgin: XMPP remote crash
Date: Wed, 14 Mar 2012 23:58:01 +0100
Package: pidgin
Version: 2.10.1-1
Severity: grave
Tags: security patch

The following vulnerability had been reported against pidgin: 
http://pidgin.im/news/security/?id=60

The patch can be found in the report.

Please use CVE-2011-4939 for this issue. The bug only affects unstable, as 
far as I could see.

Cheers,
luciano

Reply sent to Ari Pollak <ari@debian.org>:
You have taken responsibility. (Thu, 15 Mar 2012 03:51:08 GMT).


Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Thu, 15 Mar 2012 03:51:08 GMT).


Message #10 received at 664028-close@bugs.debian.org:

From: Ari Pollak <ari@debian.org>
To: 664028-close@bugs.debian.org
Subject: Bug#664028: fixed in pidgin 2.10.2-1
Date: Thu, 15 Mar 2012 03:49:12 +0000
Source: pidgin
Source-Version: 2.10.2-1

We believe that the bug you reported is fixed in the latest version of
pidgin, which is due to be installed in the Debian FTP archive:

finch-dev_2.10.2-1_all.deb
  to main/p/pidgin/finch-dev_2.10.2-1_all.deb
finch_2.10.2-1_amd64.deb
  to main/p/pidgin/finch_2.10.2-1_amd64.deb
libpurple-bin_2.10.2-1_all.deb
  to main/p/pidgin/libpurple-bin_2.10.2-1_all.deb
libpurple-dev_2.10.2-1_all.deb
  to main/p/pidgin/libpurple-dev_2.10.2-1_all.deb
libpurple0_2.10.2-1_amd64.deb
  to main/p/pidgin/libpurple0_2.10.2-1_amd64.deb
pidgin-data_2.10.2-1_all.deb
  to main/p/pidgin/pidgin-data_2.10.2-1_all.deb
pidgin-dbg_2.10.2-1_amd64.deb
  to main/p/pidgin/pidgin-dbg_2.10.2-1_amd64.deb
pidgin-dev_2.10.2-1_all.deb
  to main/p/pidgin/pidgin-dev_2.10.2-1_all.deb
pidgin_2.10.2-1.debian.tar.gz
  to main/p/pidgin/pidgin_2.10.2-1.debian.tar.gz
pidgin_2.10.2-1.dsc
  to main/p/pidgin/pidgin_2.10.2-1.dsc
pidgin_2.10.2-1_amd64.deb
  to main/p/pidgin/pidgin_2.10.2-1_amd64.deb
pidgin_2.10.2.orig.tar.bz2
  to main/p/pidgin/pidgin_2.10.2.orig.tar.bz2



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 664028@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ari Pollak <ari@debian.org> (supplier of updated pidgin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 14 Mar 2012 21:20:18 -0400
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin
Architecture: source all amd64
Version: 2.10.2-1
Distribution: unstable
Urgency: medium
Maintainer: Ari Pollak <ari@debian.org>
Changed-By: Ari Pollak <ari@debian.org>
Description: 
 finch      - text-based multi-protocol instant messaging client
 finch-dev  - text-based multi-protocol instant messaging client - development
 libpurple-bin - multi-protocol instant messaging library - extra utilities
 libpurple-dev - multi-protocol instant messaging library - development files
 libpurple0 - multi-protocol instant messaging library
 pidgin     - graphical multi-protocol instant messaging client for X
 pidgin-data - multi-protocol instant messaging client - data files
 pidgin-dbg - Debugging symbols for Pidgin
 pidgin-dev - multi-protocol instant messaging client - development files
Closes: 664028 664030
Changes: 
 pidgin (2.10.2-1) unstable; urgency=medium
 .
   * Imported Upstream version 2.10.2
     - Fixes a possible remote crash in XMPP (CVE-2011-4939) (Closes: #664028)
     - Fixes a possible remote crash in XMPP (CVE-2012-1178) (Closes: #664030)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk9hYY0ACgkQwO+u47cOQDsp+gCghMYUbKX6mA6AAASIUBcxnlpO
sQcAnjyCbQRFu3ICApVOjMI/STfmOdhq
=O6m6
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 12 Apr 2012 07:36:21 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:49:07 2019; Machine Name: buxtehude
