Accepted pidgin 2.10.10-1~deb7u3 (source all amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 11 Mar 2017 12:56:01 +0100
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin
Architecture: source all amd64
Version: 2.10.10-1~deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Ari Pollak <ari@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
finch - text-based multi-protocol instant messaging client
finch-dev - text-based multi-protocol instant messaging client - development
libpurple-bin - multi-protocol instant messaging library - extra utilities
libpurple-dev - multi-protocol instant messaging library - development files
libpurple0 - multi-protocol instant messaging library
pidgin - graphical multi-protocol instant messaging client for X
pidgin-data - multi-protocol instant messaging client - data files
pidgin-dbg - Debugging symbols for Pidgin
pidgin-dev - multi-protocol instant messaging client - development files
Changes:
pidgin (2.10.10-1~deb7u3) wheezy-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2017-2640:
It was discovered that an invalid XML file can trigger an out-of-bound
memory access in Pidgin, a multi-protocol instant messaging client, when it
is sent by a malicious server. This might lead to a crash or, in some
extreme cases, to remote code execution in the client-side.
Checksums-Sha1:
1f1e538261c2feb87e2293990cbe448ef87d0226 2915 pidgin_2.10.10-1~deb7u3.dsc
b4851959feaf23b70c74dd0459f9277b32348738 90550 pidgin_2.10.10-1~deb7u3.debian.tar.gz
c77eb59508f342d908decbcba29120289ec277b9 4665146 pidgin-data_2.10.10-1~deb7u3_all.deb
642c21d68bde98deaa3ea6c05d746cda6745bbc4 2175780 pidgin-dev_2.10.10-1~deb7u3_all.deb
e658083b9db59893ecd4da5a7fb56c0865a0c3dc 142310 finch-dev_2.10.10-1~deb7u3_all.deb
28747ade9489da385e3f815d0a3a60e238f96bef 253798 libpurple-dev_2.10.10-1~deb7u3_all.deb
c7dbbf0c2ad46fc35299067f76f88cc1bbd15b2b 120756 libpurple-bin_2.10.10-1~deb7u3_all.deb
13c11bde0fc56fa5dcc15db466543c9c1de53277 1494014 libpurple0_2.10.10-1~deb7u3_amd64.deb
c55f7fddb3ac0be6df6c3ad4db26eded62dc1a33 615294 pidgin_2.10.10-1~deb7u3_amd64.deb
16d5afce1705a8fcd888ba39a2aa73e152dbf7c2 5803066 pidgin-dbg_2.10.10-1~deb7u3_amd64.deb
97d60139de17e843a74a8ff3d0e956695d65eda8 310206 finch_2.10.10-1~deb7u3_amd64.deb
Checksums-Sha256:
9cb18b587978c4878f89fd5a9ef1962f2ae62ab93a2ab628d67cebbb45b955d2 2915 pidgin_2.10.10-1~deb7u3.dsc
febc55e9569173fe7c7c420d8f0b2e70e1f47dcd096dcd0f2922ccb221e8379e 90550 pidgin_2.10.10-1~deb7u3.debian.tar.gz
5dfefaf0090b6e5db7f6fbdd4a2b448d8028e4a97ac524e71416b23ea8496b49 4665146 pidgin-data_2.10.10-1~deb7u3_all.deb
40981e54bfef7988a2448c6e2b09820e475427398a784d21a50f6ed1d6595f81 2175780 pidgin-dev_2.10.10-1~deb7u3_all.deb
945df991eb294ff2f4648c41318b31663f8efc40bab5a6d728ec6b8f0414a751 142310 finch-dev_2.10.10-1~deb7u3_all.deb
979576b2748c32a9d278e2d7f192d1e3dd8a89dde5de384974a5f84fce72ad6f 253798 libpurple-dev_2.10.10-1~deb7u3_all.deb
9a9342fe892f64b72255bb33ccb2ee50656c507bb1316832fc39dffc310f6747 120756 libpurple-bin_2.10.10-1~deb7u3_all.deb
7de9805f8f2318f0648723daf263c1f754ad4c299de8b9338e4f1102391fabd1 1494014 libpurple0_2.10.10-1~deb7u3_amd64.deb
28a6db65920ee695f2b377a18a82facfa4e3b94c9f28910978b011d871944a8e 615294 pidgin_2.10.10-1~deb7u3_amd64.deb
216a0f79555929c20621b8ac5b466db37878dc2194636eb912b0adb7dcb98b6a 5803066 pidgin-dbg_2.10.10-1~deb7u3_amd64.deb
d6336dce7de78fa76f07737e49789c2be477b806676b984c94efa521055d6f92 310206 finch_2.10.10-1~deb7u3_amd64.deb
Files:
e4e881d6a54906355731281d69fb48ed 2915 net optional pidgin_2.10.10-1~deb7u3.dsc
05a9a2930587d683eb63c25938899373 90550 net optional pidgin_2.10.10-1~deb7u3.debian.tar.gz
e5ede3b424169bb184c0b3f04c7e0be5 4665146 net optional pidgin-data_2.10.10-1~deb7u3_all.deb
56190f003deac20b33d3fe964ed73ec7 2175780 devel optional pidgin-dev_2.10.10-1~deb7u3_all.deb
3e4852d3bfe0630b175125e24246ec48 142310 devel optional finch-dev_2.10.10-1~deb7u3_all.deb
62fe1b05b36df88b901a94a00388fd19 253798 libdevel optional libpurple-dev_2.10.10-1~deb7u3_all.deb
487ce32ea2b960f6c1c55a83461a5b37 120756 net optional libpurple-bin_2.10.10-1~deb7u3_all.deb
37614332c8a8b9787b0723faa6b3b9b0 1494014 net optional libpurple0_2.10.10-1~deb7u3_amd64.deb
e6808dca78a3ebb4cd73449986e7e24a 615294 net optional pidgin_2.10.10-1~deb7u3_amd64.deb
8733337546a420e278e3218a368c9b4a 5803066 debug extra pidgin-dbg_2.10.10-1~deb7u3_amd64.deb
e8ca1fc20a4d1ed2154c76b52d6d3c61 310206 net optional finch_2.10.10-1~deb7u3_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAljD6mBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk3TIP/iItgN3WJyE1Io+kfS8vcC31kUgOQNuKc3PV
sDVYJUBNVU3w2Mu/SpPOspvPxSoTFIcjjiETk4RZfUXfqCVdoG3UXJUOz6P08gGb
+irxNE0U7n3GkqnR4klVMVPD6JMMwYnLXErXhYr4vJ9o/ySLEKBHGSYYAWFUEKSn
7QTU+vMVm2tqqIeBS28zHIemcbCJSHRzeLnWWx1RM6R2sskYj7JeuZXjv4gZJ7kB
M8Te7YJJ9zOnZFZKD7ZMhXxUupIKCxYIDOvHnX6AYOWIluf4xjaGNL8u+m3OJN+x
YD7Rf16YKkNzI/o3rREisBnKSWTBcZLMvFcvomcQVnmeZ6/HTsdZ+wjXtKiF4p+h
86cmrAQ8yJX/at9xK/BeXZobhc1Ny3IMGeUaE5g4+L/bspGzMM7mAe9KaYzLdpCO
Iz0/KPQXwnEivJI8OP1mW2u80OQSpHC793ZGa/pj6aUf/s3lhmonIH8h2BXE7Or6
2E4wOrWeiDf5naaiO8q7OgfSdIij2wZHp1JO9GLnwe72fjBMu6DAXkhNSHUDh114
dyFn226+HIRJx7DJ4nncKpWgCnZn9mKoz61UIN6OuqSG2yAnKTfSECrqRhxTDdoo
1bZAtK8b4gVrw/Clf4LYxzhebn1ITfp1JRXvEUZK3Mkubl8/vsuJPtsXpSyiJz8z
3pTtnZNL
=7Be6
-----END PGP SIGNATURE-----
Reply to: