[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]
Stanislav Brabec
sbrabec at suse.cz
Tue Aug 11 06:32:35 EDT 2009
Warren Togami wrote:
> On 08/10/2009 11:20 AM, Ari Pollak wrote:
> > Paul Aurich wrote:
> >> To prod this process along some more, I'm attaching a patch and debug log
> >
> > So... is this going to be the official patch that goes into 2.5.9?
>
> It seems that pidgin-1.5.x is also affected. Are other distros patching
> that too?
I guess you think Gaim.
Did you already try the PoC on Gaim?
If it is affected, I will try to backport the fix, if it is
reasonably easy. However, I don't think so. The new MSN code is using
libpurple, the old code is self-standing.
Until now, we were able to backport all security and protocol change
fixes except CVE-2008-3532 and the Yahoo protocol change.
We are thinking about deprecating gaim. Gaim is still the only option
in NLD9, for SLED10 we already provide pidgin as a recommended
alternative.
For example, our patched Gaim still works with ICQ, but it gets spam
every 2-3 minutes.
--
Best Regards / S pozdravem,
Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o. e-mail: sbrabec at suse.cz
Lihovarská 1060/12 tel: +420 284 028 966, +49 911 740538747
190 00 Praha 9 fax: +420 284 028 951
Czech Republic http://www.suse.cz/