MSN SLP Security Vulnerability

Stu Tomlinson stu at
Wed Jun 18 19:59:52 EDT 2008

On Wed, 2008-06-18 at 18:11 -0500, Richard Laager wrote:
> If we want to fix the uPnP thing, it's a minor bump. That one is very
> low impact, so we can do that for 2.5.0 if we decide it needs fixing.

The uPnP patch, as it stands, is a major bump, as it changes
purple_util_fetch_url_request() in incompatible ways. It may be possible
to just use g_try_malloc and/or g_try_realloc as appropriate to avoid
this (in fact, I think we already do, so how is this a security issue

> The xmlnode patch needs some work. (NOTE: I haven't actually verified
> the problem as described.)

Someone needs to verify if this is actually a problem before we waste
time fixing the fix :) (not necessarily you, but I'm not exactly
volunteering either).



More information about the Packagers mailing list