Fwd: FYI: Remote DOS in Pidgin 2.2.0 over MSN
Kevin Stange
kstange at pidgin.im
Fri Sep 28 04:52:08 EDT 2007
Sean Egan wrote:
> On 9/27/07, Luke Schierer <lschiere at pidgin.im> wrote:
>>> I think you mean 2.2.1, and the MSN code is nowhere near release-worthy.
>>> I suggest, if we're going to release for this, we create a branch from
>>> 2.2.0 for 2.2.1 and include this fix and other known good fixes (such as
>>> the multiple memory leaks) in that (we can probably do this without
>>> adding new strings).
>
> This sounds like the right thing to do. I'm out of town for a wedding
> and can't be much help for a while. Stu and Luke, do you think you
> could get all the known good fixes to 2.2.1 branch and release it
> ASAP?
>
> Kevin, do you think you can create a new version of our old security
> bugs page and update it with this information? It sounds like Josh
> Bressers (bressers at redhat.com) will get us a CVE number.
>
> -s
Okay, I wrote up the following:
http://pidgin.simguy.net/news/security/index-updated.php?id=23
I will move this to "index.php" of course, but I showed some people
index.php, so I don't want that link visible to the world yet. Give me
any changes that are needed, a CVE number, and/or the go-ahead and I'll
commit and push the page with the updated information.
(I admit I am no expert on what information is correct to disclose, so I
may be disclosing too much, too little, or the wrong stuff.)
Kevin