--- a/htdocs/ChangeLog Wed Sep 19 21:35:32 2012 +0100
+++ b/htdocs/ChangeLog Wed Feb 13 07:08:17 2013 -0800
@@ -1,5 +1,103 @@
Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
+version 2.10.7 (02/13/2013): + * The configure script will now exit with status 1 when specifying + invalid protocol plugins using the --with-static-prpls and + --with-dynamic-prpls arguments. (Michael Fiedler) (#15316) + * Fix a crash when receiving UPnP responses with abnormally long values. + * Don't link directly to libgcrypt when building with GnuTLS support. + (Bartosz Brachaczek) (#15329) + * Fix UPnP mappings on routers that return empty <URLBase/> elements + in their response. (Ferdinand Stehle) (#15373) + * Tcl plugin uses saner, race-free plugin loading. + * Fix the Tcl signals-test plugin for savedstatus-changed. + (Andrew Shadura) (#15443) + * Make Pidgin more friendly to non-X11 GTK+, such as MacPorts' +no_x11 + * Fix a crash at startup with large contact list. Avatar support for + buddies will be disabled until 3.0.0. (#15226, #14305) + * Support for SASL authentication. (Thijs Alkemade, Andy Spencer) + * Print topic setter information at channel join. (#13317) + * Fix SSL certificate issue when signing into MSN for some users. + * Fix a crash when removing a user before its icon is loaded. (Mark + * Fix two bugs where a remote MXit user could possibly specify a local + file path to be written to. (CVE-2013-0271) + * Fix a bug where the MXit server or a man-in-the-middle could + potentially send specially crafted data that could overflow a buffer + and lead to a crash or remote code execution. (CVE-2013-0272) + * Display farewell messages in a different colour to distinguish + them from normal messages. + * Add support for typing notification. + * Add support for the Relationship Status profile attribute. + * Remove all reference to Hidden Number. + * Ignore new invites to join a GroupChat if you're already joined, or + still have a pending invite. + * The buddy's name was not centered vertically in the buddy-list if they + did not have a status-message or mood set. + * Fix decoding of font-size changes in the markup of received messages. 
+ * Increase the maximum file size that can be transferred to 1 MB. + * When setting an avatar image, no longer downscale it to 96x96. + * Fix a crash in Sametime when a malicious server sends us an abnormally + long user ID. (CVE-2013-0273) + * Fix a double-free in profile/picture loading code. (Mihai Serban) + * Fix retrieving server-side buddy aliases. (Catalin Salgu) (#15381) + * The Voice/Video Settings plugin supports using the sndio GStreamer + backends. (Brad Smith) (#14414) + * Fix a crash in the Contact Availability Detection plugin. (Mark) + * Make the Message Notification plugin more friendly to non-X11 GTK+, + such as MacPorts' +no_x11 variant. + Windows-Specific Changes: + * Compile with secure flags (Jurre van Bergen) (#15290) + * Installer downloads GTK+ Runtime and Debug Symbols more securely. + Thanks goes to Jacob Appelbaum of the Tor Project for identifying + this issue and suggesting solutions. (#15277) + * Updates to a number of dependencies, some of which have security + related fixes. Thanks again to Jacob Appelbaum and Jurre van Bergen + for identifying the vulnerable libraries and to Dieter Verfaillie + for helping getting the libraries updated. (#14571, #15285, #15286) + * NSS 3.13.6 and NSPR 4.9.2 + * Patch libmeanwhile (sametime library) to fix crash. (Jonathan Rice) version 2.10.6 (07/06/2012):
* Fix a bug that requires a triple-click to open a conversation
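Review bot: the UPnP entry near the top of the 2.10.7 block ("Fix a crash when receiving UPnP responses with abnormally long values.") is the only one of the four security fixes in this release listed without its CVE identifier; the security page in this same change files it as CVE-2013-0274, so append "(CVE-2013-0274)" to that entry the way the MXit and Sametime entries carry theirs, so that packagers grepping the ChangeLog find all four IDs. The attribution on "Fix a crash when removing a user before its icon is loaded. (Mark" is also missing its closing parenthesis as it appears here.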
--- a/htdocs/index.php Wed Sep 19 21:35:32 2012 +0100
+++ b/htdocs/index.php Wed Feb 13 07:08:17 2013 -0800
@@ -115,7 +115,7 @@
<p class="more" id="lowblurb">
<!-- Put little news blurbs here! -->
-Pidgin 2.10.5 contains <a href="/news/security/?id=64">a security update</a> for users of MXit, and 2.10.6 contains a fix for a buddy list double-click bug that snuck into 2.10.5. Please upgrade if you use MXit!
+Pidgin 2.10.7 contains <a href="/news/security/">some security updates</a> for users of MXit, Sametime, and anyone connected to a public network (unencrypted Wi-Fi, universities, offices, etc). It also contains updated SSL certificates to fix signin problems with MSN. Please upgrade! --- a/htdocs/news/security/index.php Wed Sep 19 21:35:32 2012 +0100
+++ b/htdocs/news/security/index.php Wed Feb 13 07:08:17 2013 -0800
@@ -683,6 +683,46 @@
"fixrevisions" => "ded93865ef42",
"fixedversion" => "2.10.5",
"discoveredby" => "Ulf Härnhammar"
+ "title" => "Remote MXit user could specify local file path", + "date" => "2013-02-13", + "cve" => "CVE-2013-0271", + "description" => "The MXit protocol plugin saves an image to local disk using a filename that could potentially be partially specified by the IM server or by a remote user.", + "fix" => "Escape values that come from the network before using them in filenames.", + "fixrevisions" => "a8aef1d340f2", + "fixedversion" => "2.10.7", + "discoveredby" => "Chris Wysopal, Veracode" + "title" => "MXit buffer overflow reading data from network", + "date" => "2013-02-13", + "cve" => "CVE-2013-0272", + "description" => "The code did not respect the size of the buffer when parsing HTTP headers, and a malicious server or man-in-the-middle could send specially crafted data that could overflow the buffer. This could lead to a crash or remote code execution.", + "fix" => "Check buffer bounds when reading and parsing incoming HTTP data.", + "fixrevisions" => "879db2a9a59c", + "fixedversion" => "2.10.7", + "discoveredby" => "Coverity static analysis" + "title" => "Sametime crash with long user IDs", + "date" => "2013-02-13", + "cve" => "CVE-2013-0273", + "description" => "libpurple failed to null-terminate user IDs that were longer than 4096 bytes. It's plausible that a malicious server could send one of these to us, which would lead to a crash.", + "fix" => "Use g_strlcpy() instead of strncpy() to guarrantee that the string is null-terminated.", + "fixrevisions" => "c31cf8de31cd", + "fixedversion" => "2.10.7", + "discoveredby" => "Coverity static analysis" + "title" => "Crash when receiving a UPnP response with abnormally long values", + "date" => "2013-02-13", + "cve" => "CVE-2013-0274", + "description" => "libpurple failed to null-terminate some strings when parsing the response from a UPnP router. 
This could lead to a crash if a malicious user on your network responds with a specially crafted message.", + "fix" => "Use g_strlcpy() instead of strncpy() to guarrantee that strings are null-terminated.", + "fixrevisions" => "ad7e7fb98db3", + "fixedversion" => "2.10.7", + "discoveredby" => "Coverity static analysis" /* Template for the unfortunate future
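Review bot: "guarrantee" is misspelled in the "fix" strings of both the CVE-2013-0273 and CVE-2013-0274 entries; it should read "guarantee". Separately, as shown here the four new entries run straight from one "discoveredby" value into the next "title" with no closing `),` and opening `array(` between them, and the preceding context line `"discoveredby" => "Ulf Härnhammar"` likewise has no closing bracket; confirm each entry is wrapped in its own array and comma-separated like the existing entries, since a missing separator here breaks the whole advisory page rather than one entry. A wording note on the two g_strlcpy() fixes: g_strlcpy() guarantees NUL termination by truncating at the buffer size, so the advisory text could say the over-long value is truncated rather than just that the string is terminated, which tells readers what behaviour to expect from an over-long ID after the fix.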
--- a/inc/version.inc Wed Sep 19 21:35:32 2012 +0100
+++ b/inc/version.inc Wed Feb 13 07:08:17 2013 -0800
@@ -1,10 +1,10 @@
// Current Pidgin Release
-$pidgin_version = "2.10.6";
+$pidgin_version = "2.10.7"; // Current Windows Pidgin Release
-$pidgin_win32_version = "2.10.6";
+$pidgin_win32_version = "2.10.7"; // Version of Pidgin in the Ubuntu PPA
$pidgin_ubuntu_version = "2.10.6";
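Review bot: in the htdocs/index.php hunk, "signin" in the new blurb should be "sign-in". The new text also replaces the old blurb's link to a specific advisory (/news/security/?id=64) with the bare /news/security/ index, which is reasonable for four advisories published on the same day, but check that the index lists the 2013-02-13 entries first so the "some security updates" link lands on them rather than on the older MXit advisory.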
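Review bot: in the inc/version.inc hunk, $pidgin_ubuntu_version stays at 2.10.6 while $pidgin_version and $pidgin_win32_version move to 2.10.7, so the site will advertise a PPA build that lacks the four CVE fixes shipped in this release. If the PPA package has not been uploaded yet that is an accurate snapshot, but the value needs a follow-up bump as soon as the package lands; otherwise Ubuntu users reading the "Please upgrade!" blurb are pointed at a version that still carries the MXit, Sametime and UPnP bugs.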