www: c4d075c4: 2.7.9 is out.
rekkanoryo at pidgin.im
rekkanoryo at pidgin.im
Sun Dec 26 23:12:55 EST 2010
----------------------------------------------------------------------
Revision: c4d075c4c43b9e012a92f4409a1df8eaa72da2d9
Parent: 38f8587d5b4c3807c7e9c4b74e1f87ac179609c1
Author: rekkanoryo at pidgin.im
Date: 12/26/10 22:57:01
Branch: im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/c4d075c4c43b9e012a92f4409a1df8eaa72da2d9
Changelog:
2.7.9 is out.
Changes against parent 38f8587d5b4c3807c7e9c4b74e1f87ac179609c1
patched htdocs/ChangeLog
patched htdocs/index.php
patched htdocs/news/security/index.php
patched inc/version.inc
-------------- next part --------------
============================================================
--- htdocs/index.php 51028e75bb2d0640b7af8c79d84948ef31cd8b3c
+++ htdocs/index.php b2e64cd8a50f4a96cb97f3af0893001df24ec08d
@@ -72,7 +72,7 @@ include($_SERVER['DOCUMENT_ROOT'] . "/..
<!-- This will pull from somewhere else at some point -->
<p class="more" id="lowblurb">
-Pidgin 2.7.8 is out and contains a bunch of bugfixes!
+Pidgin 2.7.9 is out and contains a fix for a security issue in MSN that leads to a crash.
</p>
<? /* Avoid outputting this stuff yet.
============================================================
--- inc/version.inc 6caecb82350596857eb27a54e1ae05b84a86bd57
+++ inc/version.inc 679adfc8e4473dddd1fa50914c827f5707d1c880
@@ -1,10 +1,10 @@
<?
// Current Pidgin Release
-$pidgin_version = "2.7.8";
+$pidgin_version = "2.7.9";
// Current Windows Pidgin Release
-$pidgin_win32_version = "2.7.8";
+$pidgin_win32_version = "2.7.9";
// Version of Pidgin in the Ubuntu PPA
$pidgin_ubuntu_version = "2.7.7";
============================================================
--- htdocs/ChangeLog d79c37b1aca1b41e377deb870681bb33158a3009
+++ htdocs/ChangeLog 204a3ea5163ce06640d28681cdb3ca5e8aacc0bb
@@ -1,5 +1,10 @@ Pidgin and Finch: The Pimpin' Penguin IM
Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
+version 2.7.9 (12/26/2010):
+ MSN:
+ * Fix a crash when receiving short packets related to P2Pv2. (CVE ID
+ pending)
+
version 2.7.8 (12/19/2010):
General:
* Fix the exceptions in purple-remote on Python 2.6+. (Ari Pollak)
============================================================
--- htdocs/news/security/index.php 46f08a5b6e4fadcc51548e0dabd74eea090b214c
+++ htdocs/news/security/index.php cc50795dc2e302181fb0cb7a5982904c19c4af32
@@ -520,10 +520,23 @@ $vulnerabilities = array(
"fixrevisions" => "b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc",
"fixedversion" => "2.7.4",
"discoveredby" => "Daniel Atallah"
+ ),
+ array(
+ "date" => "2010-12-26",
+ "cve" => "pending",
+ "summary" => "Remotely-triggered denial of service in MSN",
+ "description" => "It was discovered that libpurple 2.7.6 through 2.7.8 did not properly handle "short" packets in MSN direct connection sessions, leading to a crash due to a NULL pointer dereference. Malicious clients or users can exploit this to cause a denial of service (crash).",
+ "fix" => "Ignore short packets.",
+ "fixrevisions" => "aaa07bde3c51d3684391ae6ed86b6dbaeab5d031",
+ "fixedversion" => "2.7.9",
+ "discoveredby" => "Stu Tomlinson"
)
);
/* Template for the unfortunate future
array(
+);
+/* Template for the unfortunate future
+ array(
"title" => "",
"date" => "",
"cve" => "",
More information about the Commits
mailing list