www: 790fd97f: Update the website since no one else did...

rekkanoryo at pidgin.im rekkanoryo at pidgin.im
Wed Feb 9 23:01:42 EST 2011 

----------------------------------------------------------------------
Revision: 790fd97fe1f8fd2f00fea752ace3514e64288e6a
Parent:   13bd1016b61a64a54351a5b10ea50fd0bf566756
Author:   rekkanoryo at pidgin.im
Date:     02/09/11 22:57:35
Branch:   im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/790fd97fe1f8fd2f00fea752ace3514e64288e6a

Changelog: 

Update the website since no one else did it yet.

Changes against parent 13bd1016b61a64a54351a5b10ea50fd0bf566756

  patched  htdocs/index.php
  patched  htdocs/news/security/index.php
  patched  inc/version.inc

-------------- next part --------------
============================================================
--- htdocs/index.php	b2e64cd8a50f4a96cb97f3af0893001df24ec08d
+++ htdocs/index.php	dc0b3b98417d0fc83acbf2082480a381601f346b
@@ -72,7 +72,7 @@ include($_SERVER['DOCUMENT_ROOT'] . "/..
 
 <!-- This will pull from somewhere else at some point -->
 <p class="more" id="lowblurb">
-Pidgin 2.7.9 is out and contains a fix for a security issue in MSN that leads to a crash.
+Pidgin 2.7.10 is out and contains a fix for a minor libpurple security issue and a bunch of bugfixes. (Sorry, MSN users, none for you yet.)
 </p>
 
 <? /* Avoid outputting this stuff yet.
============================================================
--- inc/version.inc	b54451022c7f06219d42e00bc0be6d563fa81ca0
+++ inc/version.inc	adc74266bfc9a177177e1776be693fb78363cbb5
@@ -1,10 +1,10 @@
 <?php
 
 // Current Pidgin Release
-$pidgin_version        = "2.7.9";
+$pidgin_version        = "2.7.10";
 
 // Current Windows Pidgin Release
-$pidgin_win32_version  = "2.7.9";
+$pidgin_win32_version  = "2.7.10";
 
 // Version of Pidgin in the Ubuntu PPA
 $pidgin_ubuntu_version = "2.7.9";
============================================================
--- htdocs/news/security/index.php	213ed0ba978942ede3a152f2b0adc2fe61382316
+++ htdocs/news/security/index.php	b7b2ddde12a418589ffe4199651ac39862f24e15
@@ -531,6 +531,16 @@ $vulnerabilities = array(
 		"fixrevisions" => "aaa07bde3c51d3684391ae6ed86b6dbaeab5d031",
 		"fixedversion" => "2.7.9",
 		"discoveredby" => "Stu Tomlinson"
+	),
+	array(
+		"title"        => "Cipher API information disclosure",
+		"date"         => "2011-02-06",
+		"summary"      => "Potential local information disclosure in libpurple",
+		"description"  => "It was discovered that libpurple versions prior to 2.7.10 do not properly clear certain data structures used in libpurple/cipher.c prior to freeing.  An attacker could potentially extract partial information from memory regions freed by libpurple.",
+		"fix"          => "Proper structure clearing has been implemented.",
+		"fixrevisions" => "16f4c309528b82961b169edb8b74b9061db6c471",
+		"fixedversion" => "2.7.10",
+		"discoveredby" => "Julia Lawall"
 	)
 );
 /*	Template for the unfortunate future

More information about the Commits mailing list