
Re: pidgin



Salvatore Bonaccorso <carnil@debian.org> writes:

> Can you point me to the errors you found? Since I added I think most
> of those entries I would like to correct them if I wrongly committed.

Sure. Hope I haven't made too many mistakes myself :-)


* CVE-2016-2365 / TALOS-CAN-0133

https://bitbucket.org/pidgin/main/commits/5fa3f2bc69d7
- commit message says TALOS-CAN-0128.
- believe correct patch is 1c4acc6977a8686ad980e5b820327c9c47dbeaca


* CVE-2016-2366 / TALOS-CAN-0134

https://bitbucket.org/pidgin/main/commits/abdc3025f6b8
- is correct


* CVE-2016-2367 / TALOS-2016-0135

https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
https://bitbucket.org/pidgin/main/commits/1c5197a66760
https://bitbucket.org/pidgin/main/commits/648f667a679c
- same patches given as for CVE-2016-2370 / TALOS-CAN-0138
- same patches given as for CVE-2016-2372 / TALOS-2016-0140
- assuming these are correct, however neither the CVE nor TALOS id is in the commit message.


* CVE-2016-2368 / TALOS-CAN-0136

https://bitbucket.org/pidgin/main/commits/f6efc254e947
https://bitbucket.org/pidgin/main/commits/60f95045db42
- wrong order, but still correct


* CVE-2016-2369 / TALOS-CAN-0137

No patch given.
- Correct patch appears to be 7b52ca213832882c9f69b836560ba44c6e929a34
(see below)


* CVE-2016-2370 / TALOS-CAN-0138
  
https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
https://bitbucket.org/pidgin/main/commits/1c5197a66760
https://bitbucket.org/pidgin/main/commits/648f667a679c
- same patches given as for CVE-2016-2367 / TALOS-2016-0135
- same patches given as for CVE-2016-2372 / TALOS-2016-0140
- Correct patch appears to be fe0e01b2840740d9a07acf9a9788ec22e9dd120f


* CVE-2016-2371 / TALOS-CAN-0139

https://bitbucket.org/pidgin/main/commits/7b52ca213832
- This commit mentions TALOS-CAN-0137
- Correct patch appears to be f0287378203fbf496a9890bf273d96adefb93b74


* CVE-2016-2372 / TALOS-2016-0140

https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
https://bitbucket.org/pidgin/main/commits/1c5197a66760
https://bitbucket.org/pidgin/main/commits/648f667a679c
- same patches given as for CVE-2016-2367 / TALOS-2016-0135
- same patches given as for CVE-2016-2370 / TALOS-CAN-0138
- my search suggested the correct patch is the 2nd one, or
1c5197a66760396a28de87d566e0eb0d986175ea
- I put this patch as part of CVE-2016-2367 / TALOS-2016-0135 which
might be wrong.


* CVE-2016-2373 / TALOS-CAN-0141

https://bitbucket.org/pidgin/main/commits/e6159ad42c4c
- correct


* CVE-2016-2374 / TALOS-CAN-0142

https://bitbucket.org/pidgin/main/commits/f6c08d962618
- correct


* CVE-2016-2375 / TALOS-CAN-0143

https://bitbucket.org/pidgin/main/commits/b786e9814536
- correct


* CVE-2016-2376 / TALOS-CAN-0118

https://bitbucket.org/pidgin/main/commits/19f89eda8587
- correct


* CVE-2016-2377 / TALOS-CAN-0119

https://bitbucket.org/pidgin/main/commits/0f94ef13ab37
- correct


* CVE-2016-2378 / TALOS-CAN-0120

https://bitbucket.org/pidgin/main/commits/06278419c703
- correct


* CVE-2016-2380 / TALOS-CAN-0123

https://bitbucket.org/pidgin/main/commits/8172584fd640
- correct


* CVE-2016-4323 / TALOS-CAN-0128

Patch not given
- Believe correct patch is 5fa3f2bc69d7918d1e537e780839df63d5df59aa
- was patch listed for CVE-2016-2365 / TALOS-CAN-0133
-- 
Brian May <bam@debian.org>

