Client MessaggisticaInformaticaMondo LinuxMondo MacMondo MicrosoftPidginUbuntu

Pidgin 2.10.7 arriva con aggiornamenti di sicurezza

Pidgin, il popolare client di messaggistica istantanea multipiattaforma si aggiorna. Giunge infatti Pidgin 2.10.7 nuova minor release che contiene però alcuni aggiornamenti di sicurezza importati per gli utenti MXit, Sametime e chiunque utilizzi una rete pubblica (Wifi di università, uffici etc). Oltre a questo contiene i certificati SSL aggiornati per risolvere i problemi di login con MSN. L’aggiornamento è dunque consigliato.
Ma leggiamo assieme il changelog
  • Alien hatchery
    • No changes
  • General
    • The configure script will now exit with status 1 when specifying
      invalid protocol plugins using the –with-static-prpls and
      –with-dynamic-prpls arguments. (Michael Fiedler) (#15316)
  • libpurple
    • Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274)
    • Don’t link directly to libgcrypt when building with GnuTLS support. (Bartosz Brachaczek) (#15329)
    • Fix UPnP mappings on routers that return empty <URLBase/> elements in their response. (Ferdinand Stehle) (#15373)
    • Tcl plugin uses saner, race-free plugin loading.
    • Fix the Tcl signals-test plugin for savedstatus-changed. (Andrew Shadura) (#15443)
  • Pidgin
    • Make Pidgin more friendly to non-X11 GTK+, such as MacPorts?‘ +no_x11 variant.
  • Gadu-Gadu
    • Fix a crash at startup with large contact list. Avatar support for buddies will be disabled until 3.0.0. (#15226, #14305)
  • IRC
    • Support for SASL authentication. (Thijs Alkemade, Andy Spencer) (#13270)
    • Print topic setter information at channel join. (#13317)
  • MSN
    • Fix SSL certificate issue when signing into MSN for some users.
    • Fix a crash when removing a user before its icon is loaded. (Mark Barfield) (#15217)
  • MXit
    • Fix two bugs where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271)
    • Fix a bug where the MXit server or a man-in-the-middle could
      potentially send specially crafted data that could overflow a buffer and
      lead to a crash or remote code execution. (CVE-2013-0272)
    • Display farewell messages in a different colour to distinguish them from normal messages.
    • Add support for typing notification.
    • Add support for the Relationship Status profile attribute.
    • Remove all reference to Hidden Number.
    • Ignore new invites to join a GroupChat? if you’re already joined, or still have a pending invite.
    • The buddy’s name was not centered vertically in the buddy-list if they did not have a status-message or mood set.
    • Fix decoding of font-size changes in the markup of received messages.
    • Increase the maximum file size that can be transferred to 1 MB.
    • When setting an avatar image, no longer downscale it to 96×96.
  • Sametime
    • Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273)
  • Yahoo”’

    • Fix a double-free in profile/picture loading code. (Mihai Serban) (#15053)
    • Fix retrieving server-side buddy aliases. (Catalin Salgu) (#15381)
  • Plugins
    • The Voice/Video? Settings plugin supports using the sndio GStreamer backends. (Brad Smith) (#14414)
    • Fix a crash in the Contact Availability Detection plugin. (Mark) (#15327)
    • Make the Message Notification plugin more friendly to non-X11 GTK+, such as MacPorts?‘ +no_x11 variant.
  • Windows-Specific Changes
    • Compile with secure flags (Jurre van Bergen) (#15290)
    • Installer downloads GTK+ Runtime and Debug Symbols more
      securely. Thanks goes to Jacob Appelbaum of the Tor Project for
      identifying this issue and suggesting solutions. (#15277)
    • Updates to a number of dependencies, some of which have
      security related fixes. Thanks again to Jacob Appelbaum and Jurre van
      Bergen for identifying the vulnerable libraries and to Dieter Verfaillie
      for helping getting the libraries updated. (#14571, #15285, #15286)

      • ATK 1.32.0-2
      • Cyrus SASL 2.1.25
      • expat 2.1.0-1
      • freetype 2.4.10-1
      • gettext 0.18.1.1-2
      • Glib 2.28.8-1
      • libpng 1.4.12-1
      • libxml2 2.9.0-1
      • NSS 3.13.6 and NSPR 4.9.2
      • Pango 1.29.4-1
      • SILC 1.1.10
      • zlib 1.2.5-2
    • Patch libmeanwhile (sametime library) to fix crash. (Jonathan Rice) (#12637

Se siete utenti Ubuntu e derivate potete aggiungere il PPA by Pidgin Developers che (dovrebbe) esser aggiornato quanto prima. Per aggiungerlo date da terminale

sudo add-apt-repository ppa:pidgin-developers/ppa

ed aggiornare.

Marco Giannini

Quello del pacco / fondatore di Marco’s Box