www: 3ac6b89e: Updates for 2.10.1

markdoliner at pidgin.im markdoliner at pidgin.im
Sat Dec 10 15:05:26 EST 2011


----------------------------------------------------------------------
Revision: 3ac6b89e8895945ae5b8e43cabc4b07161e74ab5
Parent:   5fd71006fdbf714e134a526d695fdcda64d0b893
Author:   markdoliner at pidgin.im
Date:     12/10/11 15:02:57
Branch:   im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/3ac6b89e8895945ae5b8e43cabc4b07161e74ab5

Changelog: 

Updates for 2.10.1

Changes against parent 5fd71006fdbf714e134a526d695fdcda64d0b893

  patched  htdocs/ChangeLog
  patched  htdocs/index.php
  patched  htdocs/news/security/index.php
  patched  inc/version.inc

-------------- next part --------------
============================================================
--- htdocs/index.php	da435fd0c3dfb0ddfbcd39916d020182b7d30f8c
+++ htdocs/index.php	b474a5c171f065b733b90b884a41d1a378c2fe0c
@@ -72,7 +72,7 @@ include($_SERVER['DOCUMENT_ROOT'] . "/..
 <!-- This will pull from somewhere else at some point -->
 <p class="more" id="lowblurb">
 <!-- Put little news blurbs here! -->
-Pidgin 2.10.0 contains a few small security updates.  Please upgrade!
+Pidgin 2.10.1 contains a few security updates.  Please upgrade!
 </p>
 
 <?php /* Avoid outputting this stuff yet.
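Review bot: The blurb on the changed line hardcodes "2.10.1", so it has to be edited by hand on every release alongside `$pidgin_version` in inc/version.inc. If that file is included on this page, consider printing the variable instead. It would also help to link the text to the security advisories page (htdocs/news/security/) so readers can see which issues the upgrade addresses.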
============================================================
--- inc/version.inc	79ffba7d7b45d6ab9b202ed5a509b9af86b6841c
+++ inc/version.inc	ffbfb223cdafeb9a8b3f8cd725313eeb2151e9c2
@@ -1,7 +1,7 @@
 <?php
 
 // Current Pidgin Release
-$pidgin_version        = "2.10.0";
+$pidgin_version        = "2.10.1";
 
 // Current Windows Pidgin Release
 $pidgin_win32_version  = "2.10.0";
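Review bot: `$pidgin_win32_version` on the last context line stays at "2.10.0" while `$pidgin_version` moves to "2.10.1". The home page blurb in this same commit asks users to upgrade to 2.10.1 for security fixes, yet anything driven by this variable keeps presenting 2.10.0 as the current Windows release. If the Windows build is not published yet, add a comment saying so; otherwise bump it in this change.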
============================================================
--- htdocs/ChangeLog	b26029e9f70252ca07092892b5cf02f3a6acee50
+++ htdocs/ChangeLog	f31efa280712cae1d2a8e16708eda5785f53bbe2
@@ -1,5 +1,44 @@ Pidgin and Finch: The Pimpin' Penguin IM
 Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
 
+version 2.10.1 (12/06/2011):
+	Finch:
+	* Fix compilation on OpenBSD.
+
+	AIM and ICQ:
+	* Fix remotely-triggerable crashes by validating strings in a few
+	  messages related to buddy list management.  Thanks to Evgeny Boger
+	  for reporting this!  (#14682)
+
+	Bonjour:
+	* IPv6 fixes (Linus L?ssing)
+
+	Gadu-Gadu:
+	* Fix problems linking against GnuTLS. (#14544)
+
+	IRC:
+	* Fix a memory leak when admitting UTF-8 text with a non-UTF-8 primary
+	  encoding.  (#14700)
+
+	Jabber:
+	* Fix crashes and memory leaks when receiving malformed voice
+	  and video requests.  Thanks to Thijs Alkemade for reporting this!
+
+	Sametime:
+	* Separate "username" and "server" when adding new Sametime accounts.
+	  (#14608)
+	* Fix compilation in Visual C++. (#14608)
+
+	SILC:
+	* Fix CVE-2011-3594, by UTF-8 validating incoming messages before
+	  passing them to glib or libpurple.  Identified by Diego Bauche
+	  Madero from IOActive.  (#14636)
+
+	Yahoo!:
+	* Fetch buddy icons in some cases where we previously weren't. (#13050)
+
+	Windows-Specific Changes:
+	* Fix compilation
+
 version 2.10.0 (08/18/2011):
 	Pidgin:
 	* Make the max size of incoming smileys a pref instead of hardcoding it.
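Review bot: The AIM and ICQ entry and the Jabber entry describe crashes triggered by incoming data but, unlike the SILC entry, carry no CVE identifier. The security page in this same commit lists CVE-2011-4601 for the AIM and ICQ fix, so name it here as well for people who search the ChangeLog by CVE. Two smaller points: the Bonjour credit reads "Linus L?ssing", where a non-ASCII character appears as "?", so check that the file itself stores the name correctly; and "* Fix compilation" under Windows-Specific Changes lacks the trailing period and the detail the other entries have.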
============================================================
--- htdocs/news/security/index.php	408e753b3bf114e6de59d021a41ea058f553864e
+++ htdocs/news/security/index.php	bdcb22fad8dcbb4cb592a7c6aaf38803eadbdcaa
@@ -593,6 +593,36 @@ $vulnerabilities = array(
 		"fixrevisions" => "5749f9193063800d27bef75c2388f6f9cc2f7f37",
 		"fixedversion" => "2.10.0",
 		"discoveredby" => "James Burton, Insomnia Security"
+	),
+	array(
+		"title"        => "SILC remote crash",
+		"date"         => "2011-09-29",
+		"cve"          => "CVE-2011-3594",
+		"description"  => "When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8.  In some cases invalid UTF-8 data would lead to a crash.",
+		"fix"          => "Validate incoming strings as UTF-8 before using them as such.",
+		"fixrevisions" => "7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8,afb9ede3de989f217f03d5670cca00e628bd11f1",
+		"fixedversion" => "2.10.1",
+		"discoveredby" => "Diego Bauche Madero from IOActive"
+	),
+	array(
+		"title"        => "AIM and ICQ remote crash",
+		"date"         => "2011-10-20",
+		"cve"          => "CVE-2011-4601",
+		"description"  => "When receiving various messages related to requesting or receiving authorization for adding a buddy to a buddy list, the oscar protocol plugin failed to validate that a piece of text was UTF-8.  In some cases invalid UTF-8 data would lead to a crash.",
+		"fix"          => "Validate incoming strings as UTF-8 before using them as such.",
+		"fixrevisions" => "757272a78a8ca6027d518e614712c3399e34dda3",
+		"fixedversion" => "2.10.1",
+		"discoveredby" => "Evgeny Boger"
+	),
+	array(
+		"title"        => "XMPP remote crash",
+		"date"         => "2011-12-10",
+		"cve"          => "",
+		"description"  => "When receiving various stanzas related to voice and video chat, the XMPP protocol plugin failed to ensure that the incoming message contained all required fields, and would crash if certain fields were missing.",
+		"fix"          => "Check for missing fields and handle them appropriately.",
+		"fixrevisions" => "fb216fc88b085afc06d9a15209519cde1f4df6c6",
+		"fixedversion" => "2.10.1",
+		"discoveredby" => "Thijs Alkemade"
 	)
 );
 /*	Template for the unfortunate future
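Review bot: The XMPP entry sets "cve" => "" where the two entries above it carry identifiers. Confirm the page template handles an empty string rather than printing a blank CVE field, and fill the value in once an identifier is assigned. The description also mentions only crashes on missing fields, while the ChangeLog entry for the same fix mentions memory leaks as well; align the two so the advisory covers everything the fix addresses.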

