www: 7146d9ae: 2.7.11.

rekkanoryo at pidgin.im rekkanoryo at pidgin.im
Thu Mar 10 22:15:49 EST 2011


----------------------------------------------------------------------
Revision: 7146d9aea9e12e49c6456ef325655e526ce64b86
Parent:   27d8185c2e73a7bed19bb16c0ace3871e05c0741
Author:   rekkanoryo at pidgin.im
Date:     03/10/11 21:58:48
Branch:   im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/7146d9aea9e12e49c6456ef325655e526ce64b86

Changelog: 

2.7.11.

Changes against parent 27d8185c2e73a7bed19bb16c0ace3871e05c0741

  patched  htdocs/index.php
  patched  htdocs/news/security/index.php
  patched  inc/version.inc

-------------- next part --------------
============================================================
--- htdocs/index.php	e460516c46e2ee6e773ad1ae6cec41c032eb4f4c
+++ htdocs/index.php	ca4d0dcac4ebedf8aba9998f560898194b2d1e47
@@ -72,7 +72,7 @@ include($_SERVER['DOCUMENT_ROOT'] . "/..
 
 <!-- This will pull from somewhere else at some point -->
 <p class="more" id="lowblurb">
-Pidgin 2.7.10 is out and contains a fix for a minor libpurple security issue and a bunch of bugfixes. (Sorry, MSN users, none for you yet.)
+Pidgin 2.7.11 is out and contains fixes for a Yahoo security issue and adding MSN buddies.
 </p>
 
 <?php /* Avoid outputting this stuff yet.
============================================================
--- inc/version.inc	adc74266bfc9a177177e1776be693fb78363cbb5
+++ inc/version.inc	3ea4e9ab0754a193cf3a9486e7e2edf1235029fc
@@ -1,10 +1,10 @@
 <?php
 
 // Current Pidgin Release
-$pidgin_version        = "2.7.10";
+$pidgin_version        = "2.7.11";
 
 // Current Windows Pidgin Release
-$pidgin_win32_version  = "2.7.10";
+$pidgin_win32_version  = "2.7.11";
 
 // Version of Pidgin in the Ubuntu PPA
 $pidgin_ubuntu_version = "2.7.9";
============================================================
--- htdocs/news/security/index.php	e393098ec6cc97aae3a4ca214f3b8419d02f6d17
+++ htdocs/news/security/index.php	879a5bfbd805d8ae8fbd151c2e44ee2e7c377adb
@@ -541,6 +541,17 @@ $vulnerabilities = array(
 		"fixrevisions" => "16f4c309528b82961b169edb8b74b9061db6c471",
 		"fixedversion" => "2.7.10",
 		"discoveredby" => "Julia Lawall"
+	),
+	array(
+		"title"        => "Remote denial of service in Yahoo protocol plugin",
+		"date"         => "2011-03-10",
+		"cve"          => "CVE-2011-1091",
+		"summary"      => "Improper handling of malformed packets leads to denial of service",
+		"description"  => "The Yahoo protocol plugin in libpurple versions 2.6.0 through 2.7.10 do not properly handle malformed YMSG packets, leading to NULL pointer dereferences and application crash.",
+		"fix"          => "Properly handle malformed packets by ignoring the packet or the missing field.",
+		"fixrevisions" => "a7c415abba1f5f01f79295337518837f73d99bb7",
+		"fixedversion" => "2.7.11",
+		"discoveredby" => "Marius Wachtler"
 	)
 );
 /*	Template for the unfortunate future


More information about the Commits mailing list