You have been subscribed to a public bug:

bug #1402424 (a gaping security/information leak hole in Vivid's Pidgin)
has been marked as closed, despite the fact that an updated version has
not been released for Vivid, per the original bug report.

https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1402424

Apparently releasing a security fixed version for a non-released
distribution (wily) is "good enough"

This needs backporting from Wily asap.

These are the unfixed, publicly disclosed vulnerabilities in the
distributed version:

https://pidgin.im/news/security/

                                                     CVE Name       Date        Fixed In
Potential information leak from XMPP                 CVE-2014-3698  2014-10-22  2.10.10
Malicious smiley themes could alter arbitrary files  CVE-2014-3697  2014-10-22  2.10.10
Remote crash parsing malformed Groupwise message     CVE-2014-3696  2014-10-22  2.10.10
Remote crash parsing malformed MXit emoticon         CVE-2014-3695  2014-10-22  2.10.10
Insufficient SSL certificate validation              CVE-2014-3694  2014-10-22  2.10.10

** Affects: pidgin (Ubuntu)
     Importance: Undecided
         Status: Invalid

-- 
pidgin 1.2.11 backport required
https://bugs.launchpad.net/bugs/1465052
You received this bug notification because you are a member of Desktop 
Packages, which is subscribed to pidgin in Ubuntu.
