openSUSE:Maintenance:3098
File _patchinfo of Package patchinfo
<patchinfo>
  <issue id="902408" tracker="bnc">CVE-2014-3698 pidgin: remote information leak via crafted XMPP message</issue>
  <issue id="902410" tracker="bnc">CVE-2014-3696: pidgin: denial of service parsing Groupwise server message</issue>
  <issue id="902409" tracker="bnc">CVE-2014-3695: pidgin: crash in MXit protocol plug-in</issue>
  <issue id="853038" tracker="bnc">pidgin xmpp video support missing</issue>
  <issue id="874606" tracker="bnc">Pidgin (2.9.10) does not connect to Yahoo anymore</issue>
  <issue id="902495" tracker="bnc">VUL-0: CVE-2014-3694: pidgin: SSL/TLS plug-ins failed to check Basic Constraints</issue>
  <issue id="CVE-2014-3698" tracker="cve" />
  <issue id="CVE-2014-3694" tracker="cve" />
  <issue id="CVE-2014-3695" tracker="cve" />
  <issue id="CVE-2014-3696" tracker="cve" />
  <issue id="CVE-2014-3697" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>dimstar</packager>
  <description>
The following issues were fixed in this update:
+ General:
  - Check the basic constraints extension when validating SSL/TLS
    certificates. This fixes a security hole that allowed a malicious
    man-in-the-middle to impersonate an IM server or any other https
    endpoint. This affected both the NSS and GnuTLS plugins
    (CVE-2014-3694, boo#902495).
  - Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL
    (im#15909).
+ libpurple3 compatibility:
  - Encrypted account passwords are preserved until the new one is set.
  - Fix loading Google Talk and Facebook XMPP accounts.
+ Groupwise: Fix potential remote crash parsing server message that
  indicates that a large amount of memory should be allocated
  (CVE-2014-3696, boo#902410).
+ IRC: Fix a possible leak of unencrypted data when using /me command
  with OTR (im#15750).
+ MXit: Fix potential remote crash parsing a malformed emoticon response
  (CVE-2014-3695, boo#902409).
+ XMPP:
  - Fix potential information leak where a malicious XMPP server and
    possibly even a malicious remote user could create a carefully
    crafted XMPP message that causes libpurple to send an XMPP message
    containing arbitrary memory (CVE-2014-3698, boo#902408).
+ Yahoo: Fix login when using the GnuTLS library for TLS connections
  (im#16172, boo#874606).
  </description>
  <summary>update for pidgin</summary>
</patchinfo>