Hi Alexander - Thanks for the debdiff! Unfortunately, it does not follow the security update procedures documented here:
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation Rather than update the Precise pidgin version to 1:2.10.4-0ubuntu1, we need to backport the two security fixes to the existing Precise pidgin source and bump the version number to 1:2.10.3-0ubuntu1.1. The relevant patches are: http://developer.pidgin.im/viewmtn/revision/info/94cbd5a68ee237c970d8bd6d9d53106f1b9627ad http://developer.pidgin.im/viewmtn/revision/info/d991ff6d558d185527a09eae0378edb3fc7057a5 I'm unsubscribing ubuntu-security-sponors from this bug. If you are able to provide an updated debdiff, please resubscribe ubuntu-security- sponsors and set the bug status to NEW. Otherwise, the Ubuntu Security Team will update pidgin after one of our team members has a chance to go through the appropriate update preparation. ** This bug has been flagged as a security vulnerability ** Changed in: pidgin (Ubuntu) Status: New => Triaged ** Changed in: pidgin (Ubuntu) Importance: Undecided => Medium ** Summary changed: - Update pidgin to 2.10.4 + Pidgin may be vulnerable to remote MSN and XMPP crashes -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/996691 Title: Pidgin may be vulnerable to remote MSN and XMPP crashes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/996691/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
