Fixes for gaim/pidgin vulnerabilities?

Daniel Atallah daniel.atallah at
Tue Nov 25 08:23:13 EST 2008

On Tue, Nov 25, 2008 at 6:50 AM, Luke Schierer <lschiere at> wrote:

> I haven't seen anything in my inbox about this.  Is someone working on
> it?
> Luke

A few months ago I did some investigation on the "xmlnode pool leak" issue
and was unable to verify that there is an actual problem.

I contacted Christian Grothoff and asked for some clarification about under
which conditions he though a leak might occur and he said he'd get back to
me with more details.  I guess I should prod him about it since it has been
a few months.

I'm not convinced that it is a real issue.


----- Forwarded message from Michael Gilbert <michael.s.gilbert at>
> -----
> Date: Mon, 24 Nov 2008 18:10:14 -0500
> From: Michael Gilbert <michael.s.gilbert at>
> To: debian-security at
> Subject: Fixes for gaim/pidgin vulnerabilities?
> Ubuntu [1] has recently released fixes for CVE-2008-2955,
> CVE-2008-2957, and CVE-2008-3532 in gaim/pidgin.  Can we expect to see
> these fixes released for Etch soon?
> Also note that Ubuntu seems to have missed CVE-2008-2956 [2], which
> also applies to gaim/pidgin.  The problem has not yet been fixed in
> any of the Debian archives, which may explain why they did not include
> a patch for this one.
> Thanks for working to keep Debian secure.
> [1]
> [2]
> --
> To UNSUBSCRIBE, email to debian-security-REQUEST at
> with a subject of "unsubscribe". Trouble? Contact
> listmaster at
> ----- End forwarded message -----
> _______________________________________________
> Packagers mailing list
> Packagers at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Packagers mailing list