MSN SLP Security Vulnerability
Richard Laager
rlaager at wiktel.com
Wed Jun 18 19:11:32 EDT 2008
On Wed, 2008-06-18 at 14:29 -0400, Daniel Atallah wrote:
> I'm fine with this, but I'd like to backport a couple crashing fixes
> from i.p.p (yahoo aliases, and something else I can't remember
> offhand).
Could you start the 2.4.3 branch with these? When you're ready, we can
commit the security fix and go from there.
If we want to fix the uPnP thing, it's a minor bump. That one is very
low impact, so we can do that for 2.5.0 if we decide it needs fixing.
The xmlnode patch needs some work. (NOTE: I haven't actually verified
the problem as described.) We should maintain a separate GList rather
than modifying the definition of xmlnode (which would force a major
bump).
Richard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://pidgin.im/cgi-bin/mailman/private/packagers/attachments/20080618/b9d4b41f/attachment.pgp
More information about the Packagers
mailing list