www: c4d075c4: 2.7.9 is out.

rekkanoryo at pidgin.im rekkanoryo at pidgin.im
Sun Dec 26 23:12:55 EST 2010


----------------------------------------------------------------------
Revision: c4d075c4c43b9e012a92f4409a1df8eaa72da2d9
Parent:   38f8587d5b4c3807c7e9c4b74e1f87ac179609c1
Author:   rekkanoryo at pidgin.im
Date:     12/26/10 22:57:01
Branch:   im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/c4d075c4c43b9e012a92f4409a1df8eaa72da2d9

Changelog: 

2.7.9 is out.

Changes against parent 38f8587d5b4c3807c7e9c4b74e1f87ac179609c1

  patched  htdocs/ChangeLog
  patched  htdocs/index.php
  patched  htdocs/news/security/index.php
  patched  inc/version.inc

-------------- next part --------------
============================================================
--- htdocs/index.php	51028e75bb2d0640b7af8c79d84948ef31cd8b3c
+++ htdocs/index.php	b2e64cd8a50f4a96cb97f3af0893001df24ec08d
@@ -72,7 +72,7 @@ include($_SERVER['DOCUMENT_ROOT'] . "/..
 
 <!-- This will pull from somewhere else at some point -->
 <p class="more" id="lowblurb">
-Pidgin 2.7.8 is out and contains a bunch of bugfixes!
+Pidgin 2.7.9 is out and contains a fix for a security issue in MSN that leads to a crash.
 </p>
 
 <? /* Avoid outputting this stuff yet.
============================================================
--- inc/version.inc	6caecb82350596857eb27a54e1ae05b84a86bd57
+++ inc/version.inc	679adfc8e4473dddd1fa50914c827f5707d1c880
@@ -1,10 +1,10 @@
 <?
 
 // Current Pidgin Release
-$pidgin_version        = "2.7.8";
+$pidgin_version        = "2.7.9";
 
 // Current Windows Pidgin Release
-$pidgin_win32_version  = "2.7.8";
+$pidgin_win32_version  = "2.7.9";
 
 // Version of Pidgin in the Ubuntu PPA
 $pidgin_ubuntu_version = "2.7.7";
============================================================
--- htdocs/ChangeLog	d79c37b1aca1b41e377deb870681bb33158a3009
+++ htdocs/ChangeLog	204a3ea5163ce06640d28681cdb3ca5e8aacc0bb
@@ -1,5 +1,10 @@ Pidgin and Finch: The Pimpin' Penguin IM
 Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
 
+version 2.7.9 (12/26/2010):
+	MSN:
+	* Fix a crash when receiving short packets related to P2Pv2. (CVE ID
+	  pending)
+
 version 2.7.8 (12/19/2010):
 	General:
 	* Fix the exceptions in purple-remote on Python 2.6+. (Ari Pollak)
============================================================
--- htdocs/news/security/index.php	46f08a5b6e4fadcc51548e0dabd74eea090b214c
+++ htdocs/news/security/index.php	cc50795dc2e302181fb0cb7a5982904c19c4af32
@@ -520,10 +520,23 @@ $vulnerabilities = array(
 		"fixrevisions" => "b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc",
 		"fixedversion" => "2.7.4",
 		"discoveredby" => "Daniel Atallah"
+	),
+	array(
+		"date"         => "2010-12-26",
+		"cve"          => "pending",
+		"summary"      => "Remotely-triggered denial of service in MSN",
+		"description"  => "It was discovered that libpurple 2.7.6 through 2.7.8 did not properly handle &quot;short&quot; packets in MSN direct connection sessions, leading to a crash due to a NULL pointer dereference.  Malicious clients or users can exploit this to cause a denial of service (crash).",
+		"fix"          => "Ignore short packets.",
+		"fixrevisions" => "aaa07bde3c51d3684391ae6ed86b6dbaeab5d031",
+		"fixedversion" => "2.7.9",
+		"discoveredby" => "Stu Tomlinson"
 	)
 );
 /*	Template for the unfortunate future
 	array(
+);
+/*	Template for the unfortunate future
+	array(
 		"title"        => "",
 		"date"         => "",
 		"cve"          => "",


More information about the Commits mailing list