Fixes for gaim/pidgin vulnerabilities?

Daniel Atallah daniel.atallah at gmail.com
Tue Nov 25 08:23:13 EST 2008


On Tue, Nov 25, 2008 at 6:50 AM, Luke Schierer <lschiere at pidgin.im> wrote:

> I haven't seen anything in my inbox about this.  Is someone working on
> it?
>
> Luke


A few months ago I did some investigation on the "xmlnode pool leak" issue
and was unable to verify that there is an actual problem.

I contacted Christian Grothoff and asked for some clarification about under
which conditions he though a leak might occur and he said he'd get back to
me with more details.  I guess I should prod him about it since it has been
a few months.

I'm not convinced that it is a real issue.

-D

----- Forwarded message from Michael Gilbert <michael.s.gilbert at gmail.com>
> -----
>
> Date: Mon, 24 Nov 2008 18:10:14 -0500
> From: Michael Gilbert <michael.s.gilbert at gmail.com>
> To: debian-security at lists.debian.org
> Subject: Fixes for gaim/pidgin vulnerabilities?
>
> Ubuntu [1] has recently released fixes for CVE-2008-2955,
> CVE-2008-2957, and CVE-2008-3532 in gaim/pidgin.  Can we expect to see
> these fixes released for Etch soon?
>
> Also note that Ubuntu seems to have missed CVE-2008-2956 [2], which
> also applies to gaim/pidgin.  The problem has not yet been fixed in
> any of the Debian archives, which may explain why they did not include
> a patch for this one.
>
> Thanks for working to keep Debian secure.
>
> [1] http://www.ubuntu.com/usn/USN-675-1
> [2] http://security-tracker.debian.net/tracker/CVE-2008-2956
>
>
> --
> To UNSUBSCRIBE, email to debian-security-REQUEST at lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster at lists.debian.org
>
>
> ----- End forwarded message -----
>
> _______________________________________________
> Packagers mailing list
> Packagers at pidgin.im
> http://pidgin.im/cgi-bin/mailman/listinfo/packagers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://pidgin.im/cgi-bin/mailman/private/packagers/attachments/20081125/e50fbc14/attachment.htm 


More information about the Packagers mailing list