MSN SLP Security Vulnerability

Richard Laager rlaager at
Wed Jun 18 19:11:32 EDT 2008

On Wed, 2008-06-18 at 14:29 -0400, Daniel Atallah wrote:
> I'm fine with this, but I'd like to backport a couple crashing fixes
> from i.p.p (yahoo aliases, and something else I can't remember
> offhand).

Could you start the 2.4.3 branch with these? When you're ready, we can
commit the security fix and go from there.

If we want to fix the uPnP thing, it's a minor bump. That one is very
low impact, so we can do that for 2.5.0 if we decide it needs fixing.

The xmlnode patch needs some work. (NOTE: I haven't actually verified
the problem as described.) We should maintain a separate GList rather
than modifying the definition of xmlnode (which would force a major

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : 

More information about the Packagers mailing list