Overview Repositories Revisions Requests Users Attributes Meta
Security update for pidgin

This update for pidgin fixes the following issues:

Feature update:
- Update to GNOME 3.20.2 (fate#318572).

Security issues fixed:
- CVE-2017-2640: Fix an out of bounds memory read in purple_markup_unescape_entity. (boo#1028835)
- CVE-2014-3698: remote information leak via crafted XMPP message (boo#902408).
- CVE-2014-3696: denial of service parsing Groupwise server message (boo#902410).
- CVE-2014-3695: crash in MXit protocol plug-in (boo#902409).

Bugfixes
- Correctly remove *.so files for plugins (fixes devel-file-in-non-devel-package).
- Remove generation of a plugin list to package, simply add it all in %files with exclusions.
- Build with GStreamer 1.x on SLE 12 SP2.
- Fix SASL EXTERNAL fingerprint authentication (boo#1009974).
- Use ALSA as default for avoiding broken volume control of pa sink (boo#886670).

Fixed bugs
bnc#1028835
VUL-0: CVE-2017-2640: pidgin: Out-of-bounds write in purple_markup_unescape_entity triggered by invalid XML
bnc#902409
VUL-0: CVE-2014-3695: pidgin: crash in MXit protocol plug-in
bnc#902408
VUL-0: CVE-2014-3698: pidgin: remote information leak via crafted XMPP message
bnc#902410
VUL-0: CVE-2014-3696: pidgin: denial of service parsing Groupwise server message
bnc#1009974
Pidgin cannot connect to Freenode using SASL
bnc#886670
Pidgin resets main volume level
CVE-2017-2640
CVE-2014-3698
CVE-2014-3696
CVE-2014-3695
fate#318572
Selected Binaries
openSUSE Build Service is sponsored by
Places