Re: pidgin
Salvatore Bonaccorso <carnil@debian.org> writes:
> Can you point me to the errors you found? Since I added I think most
> of those entries I would like to correct them if I wrongly commited.
Sure. Hope I haven't made too many mistakes myself :-)
* CVE-2016-2365 / TALOS-CAN-0133
https://bitbucket.org/pidgin/main/commits/5fa3f2bc69d7
- commit message says TALOS-CAN-0128.
- believe correct patch is 1c4acc6977a8686ad980e5b820327c9c47dbeaca
* CVE-2016-2366 / TALOS-CAN-0134
https://bitbucket.org/pidgin/main/commits/abdc3025f6b8
- is correct
* CVE-2016-2367 / TALOS-2016-0135
https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
https://bitbucket.org/pidgin/main/commits/1c5197a66760
https://bitbucket.org/pidgin/main/commits/648f667a679c
- same patches given as for CVE-2016-2370 / TALOS-CAN-0138
- same patches given as for CVE-2016-2372 / TALOS-2016-0140
- assuming these are correct, however neither the CVE or TALOS id in the commit message.
* CVE-2016-2368 / TALOS-CAN-0136
https://bitbucket.org/pidgin/main/commits/f6efc254e947
https://bitbucket.org/pidgin/main/commits/60f95045db42
- wrong order, but still correct
* CVE-2016-2369 / TALOS-CAN-0137
No patch given.
- Correct patch appears to be 7b52ca213832882c9f69b836560ba44c6e929a34
(see below)
* CVE-2016-2370 / TALOS-CAN-0138
https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
https://bitbucket.org/pidgin/main/commits/1c5197a66760
https://bitbucket.org/pidgin/main/commits/648f667a679c
- same patches given as for CVE-2016-2367 / TALOS-2016-0135
- same patches given as for CVE-2016-2372 / TALOS-2016-0140
- Correct patch appears to be fe0e01b2840740d9a07acf9a9788ec22e9dd120f
* CVE-2016-2371 / TALOS-CAN-0139
https://bitbucket.org/pidgin/main/commits/7b52ca213832
- This commit mentions TALOS-CAN-0137
- Correct patch appears to be f0287378203fbf496a9890bf273d96adefb93b74
* CVE-2016-2372 / TALOS-2016-0140
https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
https://bitbucket.org/pidgin/main/commits/1c5197a66760
https://bitbucket.org/pidgin/main/commits/648f667a679c
- same patches given as for CVE-2016-2367 / TALOS-2016-0135
- same patches given as for CVE-2016-2370 / TALOS-CAN-0138
- my search suggested the correct patch is the 2nd one, or
1c5197a66760396a28de87d566e0eb0d986175ea
- I put this patch as part of CVE-2016-2367 / TALOS-2016-0135 which
might be wrong.
* CVE-2016-2373 / TALOS-CAN-0141
https://bitbucket.org/pidgin/main/commits/e6159ad42c4c
- correct
* CVE-2016-2374 / TALOS-CAN-0142
https://bitbucket.org/pidgin/main/commits/f6c08d962618
- correct
* CVE-2016-2375 / TALOS-CAN-0143
https://bitbucket.org/pidgin/main/commits/b786e9814536
- correct
* CVE-2016-2376 / TALOS-CAN-0118
https://bitbucket.org/pidgin/main/commits/19f89eda8587
- correct
* CVE-2016-2377 / TALOS-CAN-0119
https://bitbucket.org/pidgin/main/commits/0f94ef13ab37
- correct
* CVE-2016-2378 / TALOS-CAN-0120
https://bitbucket.org/pidgin/main/commits/06278419c703
- correct
* CVE-2016-2380 / TALOS-CAN-0123
https://bitbucket.org/pidgin/main/commits/8172584fd640
- correct
* CVE-2016-4323 / TALOS-CAN-0128
Patch not given
- Believe correct patch is 5fa3f2bc69d7918d1e537e780839df63d5df59aa
- was patch listed for CVE-2016-2365 / TALOS-CAN-0133
--
Brian May <bam@debian.org>
Reply to:
- Follow-Ups:
- Re: pidgin
- From: Salvatore Bonaccorso <carnil@debian.org>
- References:
- pidgin
- From: Brian May <brian@linuxpenguins.xyz>
- Re: pidgin
- From: Salvatore Bonaccorso <carnil@debian.org>