File _patchinfo of Package patchinfo.6566
<patchinfo incident="6566">
<issue id="1028835" tracker="bnc">VUL-0: CVE-2017-2640: pidgin: Out-of-bounds write in purple_markup_unescape_entity triggered by invalid XML</issue>
<issue id="902409" tracker="bnc">VUL-0: CVE-2014-3695: pidgin: crash in MXit protocol plug-in</issue>
<issue id="902408" tracker="bnc">VUL-0: CVE-2014-3698: pidgin: remote information leak via crafted XMPP message</issue>
<issue id="902410" tracker="bnc">VUL-0: CVE-2014-3696: pidgin: denial of service parsing Groupwise server message</issue>
<issue id="1009974" tracker="bnc">Pidgin cannot connect to Freenode using SASL</issue>
<issue id="886670" tracker="bnc">Pidgin resets main volume level</issue>
<issue id="2017-2640" tracker="cve" />
<issue id="2014-3698" tracker="cve" />
<issue id="2014-3696" tracker="cve" />
<issue id="2014-3695" tracker="cve" />
<issue id="318572" tracker="fate" />
<category>security</category>
<rating>moderate</rating>
<packager>XRevan86</packager>
<description>
This update for pidgin fixes the following issues:
Feature update:
- Update to GNOME 3.20.2 (fate#318572).
Security issues fixed:
- CVE-2017-2640: Fix an out-of-bounds memory read in purple_markup_unescape_entity (boo#1028835).
- CVE-2014-3698: remote information leak via crafted XMPP message (boo#902408).
- CVE-2014-3696: denial of service parsing Groupwise server message (boo#902410).
- CVE-2014-3695: crash in MXit protocol plug-in (boo#902409).
Bugfixes:
- Correctly remove *.so files for plugins (fixes devel-file-in-non-devel-package).
- Remove generation of a plugin list to package; simply add it all in %files with exclusions.
- Build with GStreamer 1.x on SLE 12 SP2.
- Fix SASL EXTERNAL fingerprint authentication (boo#1009974).
- Use ALSA as the default to avoid the broken volume control of the PulseAudio sink (boo#886670).
</description>
<summary>Security update for pidgin</summary>
</patchinfo>