11-06-2014, 07:13 AM
Pidgin v2.10.10 Portable | 77.7 Mb
Supported chat networks:
* AIM
* Bonjour
* Gadu-Gadu
* Google Talk
* Groupwise
* ICQ
* IRC
* MSN
* MySpaceIM
* SILC
* SIMPLE
* Sametime
* XMPP
* Yahoo!
* Zephyr
What's New in This Release:
General
Check
the basic constraints extension when validating SSL/TLS certificates.
This fixes a security hole that allowed a malicious man-in-the-middle to
impersonate an IM server or any other https endpoint. This affected
both the NSS and GnuTLS plugins.
(Discovered by an anonymous person and Jacob Appelbaum of the Tor
Project, with thanks to Moxie Marlinspike for first publishing about
this type of vulnerability. Thanks to Kai Engert for guidance and for
some of the NSS changes) (CVE-2014-3694)
Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL. (Elrond and Ashish Gupta) (#15909)
libpurple3 compatibility
Encrypted account passwords are preserved until the new one is set.
Fix loading Google Talk and Facebook XMPP accounts.
Windows-Specific Changes
Don't
allow overwriting arbitrary files on the file system when the user
installs a smiley theme via drag-and-drop. (Discovered by Yves Younan of
Cisco Talos) (CVE-2014-3697)
Updates to dependencies
NSS 3.17.1 and NSPR 4.10.7
Finch
Fix build against Python 3. (Ed Catmur) (#15969)
Gadu-Gadu
Updated internal libgadu to version 1.12.0.
Groupwise
Fix
potential remote crash parsing server message that indicates that a
large amount of memory should be allocated. (Discovered by Yves Younan
and Richard Johnson of Cisco Talos) (CVE-2014-3696)
IRC
Fix a possible leak of unencrypted data when using /me command with OTR. (Thijs Alkemade) (#15750)
MXit
Fix
potential remote crash parsing a malformed emoticon response.
(Discovered by Yves Younan and Richard Johnson of Cisco Talos)
(CVE-2014-3695)
XMPP
Fix potential information leak where a
malicious XMPP server and possibly even a malicious remote user could
create a carefully crafted XMPP message that causes libpurple to send an
XMPP message containing arbitrary memory. (Discovered and fixed by
Thijs Alkemade and Paul Aurich) (CVE-2014-3698)
Fix Facebook XMPP roster quirks. (#15041, #15957)
Yahoo
Fix login when using the GnuTLS library for TLS connections. (#16172)
Home Page - http://www.pidgin.im
Download:
http://[Reported by Members as spam/premium links]/file/nrhq8umm/02112014_15.rar
http://[Reported by Members as premium hosting that SUCK! Use MEDIAFIRE :) !!!]/tuoejvd9lj1h/02112014_15.rar