[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]
Stanislav Brabec
sbrabec at suse.cz
Thu Aug 13 07:56:03 EDT 2009
Warren Togami wrote:
> It seems that the distros still shipping pidgin-1.5.x might have a
> different mish-mash of patches by now. Could we please collaborate and
> cut a new "upstream" pidgin-1.5.2 with the common parts that we can
> agree upon? It would make it easier to ship patches for security issues
> like this which corrects an earlier incomplete attempt of closing
> security holes.
>
> http://people.redhat.com/wtogami/temp/.pidgin/files/
> Here's all the patches against our current RHEL-3 pidgin-1.5.1.
Here is SLES/SLED gaim:
http://pack.suse.cz/sbrabec/gaim/
It should fix everything except CVE-2008-3532 and the Yahoo protocol change.
> I believe all of these patches are safe for pidgin-1.5.2. Do the other
> distros have more patches that are known safe and relevant to other distros?
In the case of SLE gaim, I am unsure about the *nonblock* patches (and maybe
more).
> pidgin-1.5.2 should also remove/disable protocols known to be broken
> like SILC and Yahoo. Any other protocols known broken in this old version?
ICQ. Fixes are in SLE. Even if ICQ works in Gaim on SLE, I doubt it is
usable. Due to missing spam protection, Gaim gets Russian ICQ spam every
few minutes.
--
Best Regards / S pozdravem,
Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o. e-mail: sbrabec at suse.cz
Lihovarská 1060/12 tel: +420 284 028 966, +49 911 740538747
190 00 Praha 9 fax: +420 284 028 951
Czech Republic http://www.suse.cz/