Your message dated Wed, 02 Jul 2008 17:32:41 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#488632: fixed in pidgin 2.4.3-1
has caused the Debian Bug report #488632,
regarding pidgin: Few security flaws
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
488632: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488632
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: pidgin
Severity: grave
Tags: security
Justification: user security hole

Hi

The following email came over the public security list:

There are three pidgin flaws that could use CVE ids.
http://marc.info/?l=bugtraq&m=121449329530282&w=4

And two here:
http://crisp.cs.du.edu/?q=ca2007-1

If you fix them, please upload with high urgency to unstable so that
it reaches testing soon. Since pidgin is often stalled in migration,
it would be good, if you could consider preparing a testing-security
upload.

Cheers
Steffen
--- End Message ---
--- Begin Message ---
Source: pidgin
Source-Version: 2.4.3-1
We believe that the bug you reported is fixed in the latest version of
pidgin, which is due to be installed in the Debian FTP archive:
finch-dev_2.4.3-1_all.deb
  to pool/main/p/pidgin/finch-dev_2.4.3-1_all.deb
finch_2.4.3-1_amd64.deb
  to pool/main/p/pidgin/finch_2.4.3-1_amd64.deb
libpurple-bin_2.4.3-1_all.deb
  to pool/main/p/pidgin/libpurple-bin_2.4.3-1_all.deb
libpurple-dev_2.4.3-1_all.deb
  to pool/main/p/pidgin/libpurple-dev_2.4.3-1_all.deb
libpurple0_2.4.3-1_amd64.deb
  to pool/main/p/pidgin/libpurple0_2.4.3-1_amd64.deb
pidgin-data_2.4.3-1_all.deb
  to pool/main/p/pidgin/pidgin-data_2.4.3-1_all.deb
pidgin-dbg_2.4.3-1_amd64.deb
  to pool/main/p/pidgin/pidgin-dbg_2.4.3-1_amd64.deb
pidgin-dev_2.4.3-1_all.deb
  to pool/main/p/pidgin/pidgin-dev_2.4.3-1_all.deb
pidgin_2.4.3-1.diff.gz
  to pool/main/p/pidgin/pidgin_2.4.3-1.diff.gz
pidgin_2.4.3-1.dsc
  to pool/main/p/pidgin/pidgin_2.4.3-1.dsc
pidgin_2.4.3-1_amd64.deb
  to pool/main/p/pidgin/pidgin_2.4.3-1_amd64.deb
pidgin_2.4.3.orig.tar.gz
  to pool/main/p/pidgin/pidgin_2.4.3.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ari Pollak <[EMAIL PROTECTED]> (supplier of updated pidgin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Format: 1.8
Date: Wed, 02 Jul 2008 10:44:14 -0400
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev
 libpurple-dev libpurple-bin
Architecture: source all amd64
Version: 2.4.3-1
Distribution: unstable
Urgency: high
Maintainer: Robert McQueen <[EMAIL PROTECTED]>
Changed-By: Ari Pollak <[EMAIL PROTECTED]>
Description:
 finch - text-based multi-protocol instant messaging client
 finch-dev - text-based multi-protocol instant messaging client - development
 libpurple-bin - multi-protocol instant messaging library - extra utilities
 libpurple-dev - multi-protocol instant messaging library - development files
 libpurple0 - multi-protocol instant messaging library
 pidgin - graphical multi-protocol instant messaging client for X
 pidgin-data - multi-protocol instant messaging client - data files
 pidgin-dbg - Debugging symbols for Pidgin
 pidgin-dev - multi-protocol instant messaging client - development files
Closes: 469863 484429 484750 488632 488852 488930
Changes:
 pidgin (2.4.3-1) unstable; urgency=high
 .
   * New upstream release (Closes: #488930)
     - Fixes ICQ sign-on problems (Closes: #488852)
     - Fixes an MSN integer overflow security issue, CVE-2008-2927
       (Closes: #488632). The other issues referenced by that bug report
       are questionably problematic, and they aren't that serious.
   * Remove -fstack-protector since it just makes pidgin crash on arm(el).
     (Closes: #469863)
   * Remove bashism in debian/rules (Closes: #484429)
   * Remove Network Manager support again since it's still buggy and doesn't
     actually tell the user what's going on (Closes: #484750)
   * debian/patches/16_yahoo_icon_crash.patch:
     - Drop patch, integrated upstream
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIa7kawO+u47cOQDsRA+l2AJ9VONp/YOG4Ec42U9gEioZHm4y6fwCfd21c
DkDO5q1CiIAbmtyrHo9h+Eo=
=tpEi
-----END PGP SIGNATURE-----
--- End Message ---