Bug 3894

Summary: newer pidgin version is available in MDV 2010.2 updates
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: sysadmin-bugs, tmb
Version: 1Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://www.pidgin.im/
Whiteboard:
Source RPM: pidgin-2.10.0-1.1.mga1.src.rpm CVE:
Status comment:

Description David Walser 2011-12-27 02:55:10 CET 
pidgin-2.10.1-0.1mdv2010.2 is that newer version.  It was a security update, updating the software to 2.10.1.  It doesn't appear that any adjustments to the SPEC were required.  The advisory for the update appears here:

http://lists.mandriva.com/security-announce/2011-12/msg00005.php
Comment 1 Manuel Hiebel 2011-12-27 03:15:05 CET 
The package was in updates_testing but without bug report :(

There is now 'pidgin-2.10.1-1.mga1.src.rpm' in core/updates_testing to validate
-------------------------------------------------------


Suggested advisory:
-------------------
This update addresses the following CVEs:

- CVE-2011-3594: UTF-8 validating incoming messages before passing them to glib or libpurple


other fixes in this release:

Fix a memory leak when admitting UTF-8 text with a non-UTF-8 primary encoding
Fix crashes and memory leaks when receiving malformed voice and video requests

CC: (none) => fundawang
Assignee: bugsquad => qa-bugs

Manuel Hiebel 2011-12-27 03:15:28 CET

CC: fundawang => (none)

Comment 2 David Walser 2011-12-27 03:34:45 CET 
Tested on i586.  It looks good.

Not sure if it matters, but usually the second line of the Help > About screen is an md5sum of some sort, but in this update it just says "Unknown" there.
Comment 3 Manuel Hiebel 2012-01-01 01:26:10 CET 
Tested ok in x86_64 (irc and jabber) 

Suggested Advisory:
-------------
This update addresses the following CVE:

- CVE-2011-3594: UTF-8 validating incoming messages before passing them to glib
or libpurple


other fixes in this release:

Fix a memory leak when admitting UTF-8 text with a non-UTF-8 primary encoding
Fix crashes and memory leaks when receiving malformed voice and video requests
-------------

SRPM: pidgin-2.10.1-1.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates

Thankyou!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Thomas Backlund 2012-01-04 13:48:36 CET 
Update pushed.

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED