Pidgin, il popolare client di messaggistica istantanea multipiattaforma si aggiorna. Giunge infatti Pidgin 2.10.7 nuova minor release che contiene però alcuni aggiornamenti di sicurezza importati per gli utenti MXit, Sametime e chiunque utilizzi una rete pubblica (Wifi di università, uffici etc). Oltre a questo contiene i certificati SSL aggiornati per risolvere i problemi di login con MSN. L'aggiornamento è dunque consigliato.
Ma leggiamo assieme il changelog
- Alien hatchery
- No changes
- General
- The configure script will now exit with status 1 when specifying invalid protocol plugins using the --with-static-prpls and --with-dynamic-prpls arguments. (Michael Fiedler) (#15316)
- libpurple
- Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274)
- Don't link directly to libgcrypt when building with GnuTLS support. (Bartosz Brachaczek) (#15329)
- Fix UPnP mappings on routers that return empty <URLBase/> elements in their response. (Ferdinand Stehle) (#15373)
- Tcl plugin uses saner, race-free plugin loading.
- Fix the Tcl signals-test plugin for savedstatus-changed. (Andrew Shadura) (#15443)
- Pidgin
- Make Pidgin more friendly to non-X11 GTK+, such as MacPorts?' +no_x11 variant.
- Gadu-Gadu
- IRC
- MSN
- Fix SSL certificate issue when signing into MSN for some users.
- Fix a crash when removing a user before its icon is loaded. (Mark Barfield) (#15217)
- MXit
- Fix two bugs where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271)
- Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. (CVE-2013-0272)
- Display farewell messages in a different colour to distinguish them from normal messages.
- Add support for typing notification.
- Add support for the Relationship Status profile attribute.
- Remove all reference to Hidden Number.
- Ignore new invites to join a GroupChat? if you're already joined, or still have a pending invite.
- The buddy's name was not centered vertically in the buddy-list if they did not have a status-message or mood set.
- Fix decoding of font-size changes in the markup of received messages.
- Increase the maximum file size that can be transferred to 1 MB.
- When setting an avatar image, no longer downscale it to 96x96.
- Sametime
- Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273)
- Yahoo'''
- Plugins
- The Voice/Video? Settings plugin supports using the sndio GStreamer backends. (Brad Smith) (#14414)
- Fix a crash in the Contact Availability Detection plugin. (Mark) (#15327)
- Make the Message Notification plugin more friendly to non-X11 GTK+, such as MacPorts?' +no_x11 variant.
- Windows-Specific Changes
- Compile with secure flags (Jurre van Bergen) (#15290)
- Installer downloads GTK+ Runtime and Debug Symbols more securely. Thanks goes to Jacob Appelbaum of the Tor Project for identifying this issue and suggesting solutions. (#15277)
- Updates to a number of dependencies, some of which have
security related fixes. Thanks again to Jacob Appelbaum and Jurre van
Bergen for identifying the vulnerable libraries and to Dieter Verfaillie
for helping getting the libraries updated. (#14571, #15285, #15286)
- ATK 1.32.0-2
- Cyrus SASL 2.1.25
- expat 2.1.0-1
- freetype 2.4.10-1
- gettext 0.18.1.1-2
- Glib 2.28.8-1
- libpng 1.4.12-1
- libxml2 2.9.0-1
- NSS 3.13.6 and NSPR 4.9.2
- Pango 1.29.4-1
- SILC 1.1.10
- zlib 1.2.5-2
- Patch libmeanwhile (sametime library) to fix crash. (Jonathan Rice) (#12637)
Se siete utenti Ubuntu e derivate potete aggiungere il PPA by Pidgin Developers che (dovrebbe) esser aggiornato quanto prima. Per aggiungerlo date da terminale
sudo add-apt-repository ppa:pidgin-developers/ppa
ed aggiornare.
