MSN SLP Security Vulnerability

Stu Tomlinson stu at nosnilmot.com
Wed Jun 18 19:59:52 EDT 2008


On Wed, 2008-06-18 at 18:11 -0500, Richard Laager wrote:
> If we want to fix the uPnP thing, it's a minor bump. That one is very
> low impact, so we can do that for 2.5.0 if we decide it needs fixing.

The uPnP patch, as it stands, is a major bump, as it changes
purple_util_fetch_url_request() in incompatible ways. It may be possible
to just use g_try_malloc and/or g_try_realloc as appropriate to avoid
this (in fact, I think we already do, so how is this a security issue
exactly?).

> The xmlnode patch needs some work. (NOTE: I haven't actually verified
> the problem as described.)

Someone needs to verify if this is actually a problem before we waste
time fixing the fix :) (not necessarily you, but I'm not exactly
volunteering either).

Regards,


Stu.


