www: 8bf08a64: Changes for 2.9.0
markdoliner at pidgin.im
Fri Jun 24 01:09:17 EDT 2011
----------------------------------------------------------------------
Revision: 8bf08a64d1daa1a02308d5ebc88ceac23a5b52dd
Parent: 13fba32c1daa532d57b007a049de649d3741aa34
Author: markdoliner at pidgin.im
Date: 06/24/11 00:29:46
Branch: im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/8bf08a64d1daa1a02308d5ebc88ceac23a5b52dd
Changelog:
Changes for 2.9.0
Changes against parent 13fba32c1daa532d57b007a049de649d3741aa34
patched htdocs/ChangeLog
patched htdocs/index.php
patched htdocs/news/security/index.php
patched inc/version.inc
-------------- next part --------------
============================================================
--- htdocs/index.php 574bf65af5a9f2e327e4d53a0577bdf8e79d4ba7
+++ htdocs/index.php 13bff80ad574e71bc3c5b27e8dd9e60f4e48bf39
@@ -72,6 +72,7 @@ include($_SERVER['DOCUMENT_ROOT'] . "/..
<!-- This will pull from somewhere else at some point -->
<p class="more" id="lowblurb">
<!-- Put little news blurbs here! -->
+Pidgin 2.9.0 contains an important security update (<a href="http://pidgin.im/news/security/?id=51">more info</a>). Please upgrade!
</p>
<?php /* Avoid outputting this stuff yet.
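Review bot: The added blurb line hard-codes the release number "2.9.0" and an absolute link, href="http://pidgin.im/news/security/?id=51", so it will go stale on the next release even though this same patch keeps the current version in $pidgin_version in inc/version.inc. Consider a site-relative href (/news/security/?id=51) so the link follows whatever host and scheme the page is served from, and plan to drop or update the blurb with the next release's changes.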
============================================================
--- inc/version.inc 575ab2bf43f3171ebb061bc0a2c19583182da8d6
+++ inc/version.inc 7240707d334ce680fb6877db90453f4428d63eb6
@@ -1,7 +1,7 @@
<?php
// Current Pidgin Release
-$pidgin_version = "2.8.0";
+$pidgin_version = "2.9.0";
// Current Windows Pidgin Release
$pidgin_win32_version = "2.8.0";
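Review bot: $pidgin_win32_version stays at "2.8.0" in the unchanged context while $pidgin_version moves to "2.9.0", and the front-page blurb in this same patch asks users to upgrade for a security fix whose fixedversion is 2.9.0. If the Windows build is not published yet, a short comment here saying the lag is intentional would help; otherwise bump it in the same commit so Windows users are not pointed at a release older than the fixed version.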
============================================================
--- htdocs/ChangeLog 26d5bb1a15d97eaf21a33f1d9f638526757a27bd
+++ htdocs/ChangeLog 47d547dc8285a41c435aebc440783392720fd1c4
@@ -1,5 +1,29 @@ Pidgin and Finch: The Pimpin' Penguin IM
Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
+version 2.9.0 (06/23/2011):
+ Pidgin:
+ * Fix a potential remote denial-of-service bug related to displaying
+ buddy icons.
+ * Significantly improved performance of larger IRC channels (regression
+ introduced in 2.8.0).
+ * Fix Conversation->Add on AIM and MSN.
+ * Entries in the chat user list are sorted properly again. This was
+ inadvertenly broken in 2.8.0.
+
+ Finch:
+ * Fix logging in to ICQ.
+
+ libpurple:
+ * media: Actually use the specified TCP port from the TURN configuration to
+ create a TCP relay candidate.
+
+ AIM and ICQ:
+ * Fix crashes on some non-mainstream OSes when attempting to
+ printf("%s", NULL). (Clemens Huebner) (#14297)
+
+ Plugins:
+ * The Evolution Integration plugin compiles again.
+
version 2.8.0 (06/07/2011):
General:
* Implement simple silence suppression for voice calls, preventing
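Review bot: The first Pidgin bullet in the new 2.9.0 entry is the security fix but does not name CVE-2011-2485, which the security page entry in this patch assigns to it; adding the CVE id to that bullet lets packagers match the ChangeLog to the advisory. In the chat user list bullet, "inadvertenly" should be "inadvertently".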
============================================================
--- htdocs/news/security/index.php ba0e67cf8e89dd3d1d034b84cfda9b6fc669ca4f
+++ htdocs/news/security/index.php 9a58cd339fd64f2746921914c99b1e94d5ac0480
@@ -552,6 +552,17 @@ $vulnerabilities = array(
"fixrevisions" => "a7c415abba1f5f01f79295337518837f73d99bb7",
"fixedversion" => "2.7.11",
"discoveredby" => "Marius Wachtler"
+ ),
+ array(
+ "title" => "Remote denial of service from corrupt buddy icons",
+ "date" => "2011-06-23",
+ "cve" => "CVE-2011-2485",
+ "summary" => "A remote attacker could set a specially-crafted GIF image as their buddy icon that could lead to Pidgin being terminated due to excessive memory use",
+ "description" => "It was found that gdk-pixbuf GIF image loader gdk_pixbuf__gif_image_load() routine did not properly handle certain return values from their subroutines. A remote attacker could provide a specially-crafted GIF image, which once opened in Pidgin, would lead to gdk-pixbuf to return partially initialized pixbuf structure, possibly having huge width and height, leading to that particular application termination due excessive memory use.",
+ "fix" => "Change Pidgin to look at the GError parameter in addition to the return value when calling certain gdk-pixbuf functions.",
+ "fixrevisions" => "e802003adbf0be4496de3de8ac03b47c1e471d00",
+ "fixedversion" => "2.9.0",
+ "discoveredby" => "Mark Doliner"
)
);
/* Template for the unfortunate future
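Review bot: The "description" string in the new array entry has wording slips that make the advisory harder to read: "would lead to gdk-pixbuf to return partially initialized pixbuf structure" and "termination due excessive memory use" should read along the lines of "would cause gdk-pixbuf to return a partially initialized pixbuf structure" and "termination due to excessive memory use". The description also places the flaw in gdk_pixbuf__gif_image_load() while "fix" describes a change in Pidgin (checking the GError parameter as well as the return value), so one sentence stating that the Pidgin change is a caller-side check would make clear to readers what 2.9.0 does and does not address.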