/www/pidgin: 8db7cc9b1e03: Updates for 2.10.5

Mark Doliner mark at kingant.net
Fri Jul 6 11:40:16 EDT 2012 

Changeset: 8db7cc9b1e03757698a08ff7f6af61bcd926160f
Author:	 Mark Doliner <mark at kingant.net>
Date:	 2012-07-05 08:59 -0700
Branch:	 default
URL: http://hg.pidgin.im/www/pidgin/rev/8db7cc9b1e03

Description:

Updates for 2.10.5

diffstat:

 htdocs/ChangeLog               |  18 ++++++++++++++++--
 htdocs/index.php               |   2 +-
 htdocs/news/security/index.php |  10 ++++++++++
 inc/version.inc                |   4 ++--
 4 files changed, 29 insertions(+), 5 deletions(-)

diffs (75 lines):

diff --git a/htdocs/ChangeLog b/htdocs/ChangeLog
--- a/htdocs/ChangeLog
+++ b/htdocs/ChangeLog
@@ -1,7 +1,21 @@
 Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
 
-version 2.10.5:
-	No changes
+version 2.10.5 (07/05/2012):
+	libpurple:
+	* Add support for GNOME3 proxy settings. (Mihai Serban) (#15054)
+
+	Pidgin:
+	* Fix a crash that may occur when trying to ignore a user who is
+	  not in the current chat room. (#15139)
+
+	MSN:
+	* Fix building with MSVC on Windows (broken in 2.10.4). (Florian
+	  Quèze)
+
+	MXit:
+	* Fix a buffer overflow vulnerability when parsing incoming messages
+	  containing inline images.  Thanks to Ulf Härnhammar for reporting
+	  this! (CVE-2012-3374)
 
 version 2.10.4 (05/06/2012):
 	General:
diff --git a/htdocs/index.php b/htdocs/index.php
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -115,7 +115,7 @@
 
 <p class="more" id="lowblurb">
 <!-- Put little news blurbs here! -->
-Pidgin 2.10.4 contains <a href="/news/security/">two security updates</a>.  Please upgrade!
+Pidgin 2.10.5 contains <a href="/news/security/?id=64">a security update</a> for users of MXit.  Please upgrade if you use MXit!
 </p>
 
 </div>
diff --git a/htdocs/news/security/index.php b/htdocs/news/security/index.php
--- a/htdocs/news/security/index.php
+++ b/htdocs/news/security/index.php
@@ -673,6 +673,16 @@
 		"fixrevisions" => "4d6bcb4f4ea4",
 		"fixedversion" => "2.10.4",
 		"discoveredby" => "Fabian Yamaguchi"
+	),
+	array(
+		"title"        => "MXit buffer overflow",
+		"date"         => "2012-07-05",
+		"cve"          => "CVE-2012-3374",
+		"description"  => "Incorrect handing of inline images in incoming instant messages can cause a buffer overflow and in some cases can be exploited to execute arbitrary code.",
+		"fix"          => "Use dynamically allocated memory instead of a fixed size buffer.",
+		"fixrevisions" => "ded93865ef42",
+		"fixedversion" => "2.10.5",
+		"discoveredby" => "Ulf Härnhammar"
 	)
 );
 /*	Template for the unfortunate future
diff --git a/inc/version.inc b/inc/version.inc
--- a/inc/version.inc
+++ b/inc/version.inc
@@ -1,10 +1,10 @@
 <?php
 
 // Current Pidgin Release
-$pidgin_version        = "2.10.4";
+$pidgin_version        = "2.10.5";
 
 // Current Windows Pidgin Release
-$pidgin_win32_version  = "2.10.4";
+$pidgin_win32_version  = "2.10.5";
 
 // Version of Pidgin in the Ubuntu PPA
 $pidgin_ubuntu_version = "2.10.4";

More information about the Commits mailing list