Your message dated Sun, 18 Apr 2010 20:02:47 +0000
with message-id <e1o3ahb-0002h4...@ries.debian.org>
and subject line Bug#566775: fixed in pidgin 2.4.3-4lenny6
has caused the Debian Bug report #566775,
regarding pidgin: CVE-2010-0277 denial-of-service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
566775: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566775
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: pidgin
Version: 2.6.5-2
Severity: important
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published for pidgin.

CVE-2010-0277[0]:
| slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and
| Adium 1.3.8 allows remote attackers to cause a denial of service
| (memory corruption) or possibly have unspecified other impact via
| unknown vectors, a different issue than CVE-2010-0013.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277
    http://security-tracker.debian.org/tracker/CVE-2010-0277



--- End Message ---
--- Begin Message ---
Source: pidgin
Source-Version: 2.4.3-4lenny6

We believe that the bug you reported is fixed in the latest version of
pidgin, which is due to be installed in the Debian FTP archive:

finch-dev_2.4.3-4lenny6_all.deb
  to main/p/pidgin/finch-dev_2.4.3-4lenny6_all.deb
finch_2.4.3-4lenny6_amd64.deb
  to main/p/pidgin/finch_2.4.3-4lenny6_amd64.deb
libpurple-bin_2.4.3-4lenny6_all.deb
  to main/p/pidgin/libpurple-bin_2.4.3-4lenny6_all.deb
libpurple-dev_2.4.3-4lenny6_all.deb
  to main/p/pidgin/libpurple-dev_2.4.3-4lenny6_all.deb
libpurple0_2.4.3-4lenny6_amd64.deb
  to main/p/pidgin/libpurple0_2.4.3-4lenny6_amd64.deb
pidgin-data_2.4.3-4lenny6_all.deb
  to main/p/pidgin/pidgin-data_2.4.3-4lenny6_all.deb
pidgin-dbg_2.4.3-4lenny6_amd64.deb
  to main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_amd64.deb
pidgin-dev_2.4.3-4lenny6_all.deb
  to main/p/pidgin/pidgin-dev_2.4.3-4lenny6_all.deb
pidgin_2.4.3-4lenny6.diff.gz
  to main/p/pidgin/pidgin_2.4.3-4lenny6.diff.gz
pidgin_2.4.3-4lenny6.dsc
  to main/p/pidgin/pidgin_2.4.3-4lenny6.dsc
pidgin_2.4.3-4lenny6_amd64.deb
  to main/p/pidgin/pidgin_2.4.3-4lenny6_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 566...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ari Pollak <a...@debian.org> (supplier of updated pidgin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.8
Date: Sun, 14 Feb 2010 15:33:23 -0500
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin
Architecture: source all amd64
Version: 2.4.3-4lenny6
Distribution: stable-security
Urgency: medium
Maintainer: Ari Pollak <a...@debian.org>
Changed-By: Ari Pollak <a...@debian.org>
Description: 
 finch      - text-based multi-protocol instant messaging client
 finch-dev  - text-based multi-protocol instant messaging client - development
 libpurple-bin - multi-protocol instant messaging library - extra utilities
 libpurple-dev - multi-protocol instant messaging library - development files
 libpurple0 - multi-protocol instant messaging library
 pidgin     - graphical multi-protocol instant messaging client for X
 pidgin-data - multi-protocol instant messaging client - data files
 pidgin-dbg - Debugging symbols for Pidgin
 pidgin-dev - multi-protocol instant messaging client - development files
Closes: 566775
Changes: 
 pidgin (2.4.3-4lenny6) stable-security; urgency=medium
 .
   * Disable MSN entirely, since Microsoft's servers won't work with this
     version anyway; avoids a bunch of MSN-related holes
     (CVE-2010-0277, CVE-2009-3084, CVE-2009-3083) (Closes: #566775)
   * debian/patches/38_CVE-2010-0423.patch:
     - Fixes a remote DoS with too many custom smileys (no CVE yet?)
   * debian/patches/39_CVE-2010-0420:
     - Fixes a remote crash in Finch XMPP (CVE-2010-0420)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREDAAYFAkt6/38ACgkQwO+u47cOQDuEwQCaA8sDwqMfNIrqW9P7JOtaoiz3
vDAAni91X4zZgKAs0736u3z0MJfWWdC6
=wRQP
-----END PGP SIGNATURE-----



--- End Message ---
