[v2.5] pidgin: multiple vulnerabilies
New version of pidgin has been released recently that fixes multiple security issues. Upgrade from version 2.10.7 is necessary for all the Alpine Linux supported branches.
(from redmine: issue id 2679, created on 2014-02-06, closed on 2014-03-03)
- parent #2677 (closed)
- Revision 32cb9c69 by Natanael Copa on 2014-03-03T11:22:52Z:
main/pidgin: security upgrade to 2.10.9 (various CVEs) fixes #2679 CVE-2014-0020 Remotely triggerable crash in IRC argument parsing CVE-2013-6490 Buffer overflow in SIMPLE header parsing CVE-2013-6489 Buffer overflow in MXit emoticon parsing CVE-2013-6487 Buffer overflow in Gadu-Gadu HTTP parsing CVE-2013-6486 Pidgin uses clickable links to untrusted executables CVE-2013-6485 Buffer overflow parsing chunked HTTP responses CVE-2013-6484 Crash reading response from STUN server CVE-2013-6483 XMPP doesn't verify 'from' on some iq replies CVE-2013-6482 NULL pointer dereference parsing SOAP data in MSN CVE-2013-6482 NULL pointer dereference parsing OIM data in MSN CVE-2013-6482 NULL pointer dereference parsing headers in MSN CVE-2013-6481 Remote crash reading Yahoo! P2P message CVE-2013-6479 Remote crash parsing HTTP responses CVE-2013-6478 Crash when hovering pointer over a long URL CVE-2013-6477 Crash handling bad XMPP timestamp CVE-2012-6152 Yahoo! remote crash from incorrect character encoding
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information