www: 6c17da48: Changes for 2.10.4

markdoliner at pidgin.im markdoliner at pidgin.im
Mon May 7 00:08:18 EDT 2012 

----------------------------------------------------------------------
Revision: 6c17da4834cd8fcf1c022fdedbe7b328d51d744c
Parent:   adbaf18b69a83b232d8170d761afe7824909aa46
Author:   markdoliner at pidgin.im
Date:     05/06/12 23:41:32
Branch:   im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/6c17da4834cd8fcf1c022fdedbe7b328d51d744c

Changelog: 

Changes for 2.10.4

Changes against parent adbaf18b69a83b232d8170d761afe7824909aa46

  patched  htdocs/ChangeLog
  patched  htdocs/index.php
  patched  htdocs/news/security/index.php
  patched  inc/version.inc

-------------- next part --------------
============================================================
--- htdocs/index.php	d6886878e5b29267f88eaec73ce3194ec2008122
+++ htdocs/index.php	e0ec47b45a6e7c576ead782ed971812bb85a01e7
@@ -115,7 +115,7 @@
 
 <p class="more" id="lowblurb">
 <!-- Put little news blurbs here! -->
-Pidgin 2.10.2 contains <a href="/news/security/">two security updates</a> and 2.10.3 fixes a problem with MSN buddies appearing online when they shouldn't.
+Pidgin 2.10.4 contains <a href="/news/security/">two security updates</a>.  Please upgrade!
 </p>
 
 </div>
============================================================
--- inc/version.inc	b4c8cf524e4eaafb658197e9c55db7998ea761a3
+++ inc/version.inc	bfc4673597101d347908f21aef25d9a2f0d47cb2
@@ -1,7 +1,7 @@
 <?php
 
 // Current Pidgin Release
-$pidgin_version        = "2.10.3";
+$pidgin_version        = "2.10.4";
 
 // Current Windows Pidgin Release
 $pidgin_win32_version  = "2.10.3";
============================================================
--- htdocs/ChangeLog	12ef8d02e80fe7df7233e25e48447d630ab177d3
+++ htdocs/ChangeLog	94f96063e641e1f5249ad36fcbb48b8949b51add
@@ -1,8 +1,34 @@ Pidgin and Finch: The Pimpin' Penguin IM
 Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
 
+version 2.10.4 (05/06/2012):
+	General:
+	* Support building against Farstream in addition to Farsight.
+	  (Olivier Crete) (#14936)
+
+	IRC:
+	* Disable periodic WHO timer.  IRC channel user lists will no
+	  longer automatically display away status, but libpurple will be
+	  much kinder to the network.
+	* Print unknown numerics to channel windows if we can associate
+	  them.  Thanks to Marien Zwart. (#15090)
+
+	MSN:
+	* Fix a possible crash when receiving messages with certain characters
+	  or character encodings.  Thanks to Fabian Yamaguchi for reporting
+	  this!
+
+	XMPP:
+	* Fix a possible crash when receiving a series of specially crafted
+	  file transfer requests.  Thanks to Jos? Valent?n Guti?rrez for
+	  reporting this!  (CVE-2012-2214)
+
+	Windows-Specific Changes:
+	* Words added to spell check dictionaries are saved across restarts of
+	  Pidgin (#11886)
+
 version 2.10.3 (03/26/2012):
 	MSN:
-	* Fix buddies not going offline.
+	* Fix buddies not going offline. (#14997)
 
 version 2.10.2 (03/14/2012):
 	General:
============================================================
--- htdocs/news/security/index.php	52acdb75f3fd721e1daa17b98def331a988f234d
+++ htdocs/news/security/index.php	fa356de947064bc1b8f645a88ee2fedf3d792b11
@@ -653,6 +653,26 @@ $vulnerabilities = array(
 		"fixrevisions" => "3053d6a37cc6d8774aba7607b992a4408216adcd,ecabfaee8a1ca02e18ebadbb41cdcce19e78bc2e,b1b8c222ab921963f43e83502b6c6e2e4489a8c4,fdb56683f2b5f88f7b388aaef6c53c810d19e374,f12c9f6a6c31bcd3512f162209285a88a86595ff",
 		"fixedversion" => "2.10.2",
 		"discoveredby" => "Thijs Alkemade in <a href=\"http://developer.pidgin.im/ticket/14884\">ticket #14884</a>"
+	),
+	array(
+		"title"        => "XMPP remote crash",
+		"date"         => "2012-05-06",
+		"cve"          => "CVE-2012-2214",
+		"description"  => "A series of specially crafted file transfer requests can cause clients to reference invalid memory.  The user must have accepted one of the file transfer requests.",
+		"fix"          => "Correctly cancel and free a SOCKS5 connection attempt so that it does not trigger an attempt to access invalid memory later.",
+		"fixrevisions" => "",
+		"fixedversion" => "2.10.4",
+		"discoveredby" => "Jos? Valent?n Guti?rrez"
+	),
+	array(
+		"title"        => "Possible MSN remote crash",
+		"date"         => "2012-05-06",
+		"cve"          => "",
+		"description"  => "Incoming messages with certain characters or character encodings can cause clients to crash.",
+		"fix"          => "The contents of all incoming plaintext messages are converted to UTF-8 and validated before used.",
+		"fixrevisions" => "",
+		"fixedversion" => "2.10.4",
+		"discoveredby" => "Fabian Yamaguchi"
 	)
 );
 /*	Template for the unfortunate future

More information about the Commits mailing list