Software Update: Pidgin 2.11.0

Version 2.11 of Pidgin has been released. This multi-protocol instant messaging program can handle the networks of AIM, Bonjour, Gadu-Gadu, Google Talk, Groupwise, ICQ, irc, MSN, MySpaceIM, QQ, Silc, Simple, Sametime, XMPP, Yahoo and Zephyr. During installation, you can choose from as many as seventy different languages ​​and add spell check. Binaries are available for Windows, but the source code can be compiled under Linux. The program also integrates well into Gnome and the KDE SC. The OS X port is released under the name Adium. The changelog shows the following list of changes and improvements.

General:

• 2.10.12 was accidentally released with new additions to the API and should have been released as 2.11.0. Unfortunately, we did not catch the mistake until after 2.10.12 was released, but we’re fixing it now. See ChangeLog.API for more information.
• Include the Mozilla certificate bundle. This fixes connecting to servers with certificates from Let’s Encrypt.
• Remove all 1024-bit CAS

libpurple:

• media: fix an issue with ximagesink displaying only a corner cut-out of a larger webcam video (Jakub Adam)
• mediamanager: update output window destruction so that it reflects recent changes in the media pipeline structure (Jakub Adam)
• Ported Instantbird’s CommandUiOps to libpurple (Dequis)

Pidgin:

• Fixed #14962
• Fixed alignment of incoming right-to-left messages in protocols that don’t support rich text
• Fix a potential crash while exiting pidgin

AIM:

• Add support for the newer kerberos-based authentication of AIM 8.x

Windows Specific Changes:

• Use getaddrinfo for DNS to enable IPv6 (#1075)
• Updates to dependencies:
  • NSS 3.24 and NSPR 4.12.

Bonjour

• Fixed building on Mac OSX (Patrick Cloke) (#16883)

ICQ:

• Stop truncating passwords to 8 characters like old ICQ clients did. (#16692). If you actually needed this, truncate your password manually by pressing backspace a few times.

IRC:

• Base64 decode SASL messages before passing to libsasl (#16268)

MXit

• Fixed a buffer overflow. Discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0120)
• Fixed a remote out-of-bounds read. Discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0140)
• Fixed a remote out-of-band read. Discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0138, TALOS-CAN-0135)
• Fixed an invalid read. Discovered by Yves Younan or Cisco Talos (TALOS-CAN-0118)
• Fixed a remote buffer overflow vulnerability. Discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0119)
• Fixed an out-of-bounds read discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0123)
• Fixed a directory traversal issue. Discovered by Yves Younan or Cisco Talos (TALOS-CAN-0128)
• Fixed a remote denial of service vulnerability that could result in a null pointer dereference. Discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0133)
• Fixed a remote denial of service that could result in an out-of-bounds read. Discovered by Yves Younan or Cisco Talos (TALOS-CAN-0134)
• Fixed multiple remote buffer overflows. Discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0136)
• Fixed a remote NULL pointer dereference. Discovered by Yves Younan or Cisco Talos (TALOS-CAN-0137)
• Fixed a remote code execution issue discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0142)
• Fixed a remote denial of service vulnerability in contact mood handling. Discovered by Yves Younan or Cisco Talos (TALOS-CAN-0141)
• Fixed a remote out-of-bounds write vulnerability. Discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0139)
• Fix a remote out-of-bounds read. Discovered by Yves Younan of Cisco Talos. (TALOS-CAN-0143)