[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]

Stanislav Brabec sbrabec at suse.cz
Thu Aug 13 07:56:03 EDT 2009

Warren Togami wrote:

> It seems that the distros still shipping pidgin-1.5.x might have a 
> different mish-mash of patches by now.  Could we please collaborate and 
> cut a new "upstream" pidgin-1.5.2 with the common parts that we can 
> agree upon?  It would make it easier to ship patches for security issues 
> like this which corrects an earlier incomplete attempt of closing 
> security holes.
> http://people.redhat.com/wtogami/temp/.pidgin/files/
> Here's all the patches against our current RHEL-3 pidgin-1.5.1.

Here is SLES/SLED gaim:

It should fix everything except CVE-2008-3532 and Yahoo protocol change.

> I believe all of these patches are safe for pidgin-1.5.2.  Do the other 
> distros have more patches that are known safe and relevant to other distros?

In case of SLE gaim, I am unsure with *nonblock* patches (and maybe

> pidgin-1.5.2 should also remove/disable protocols known to be broken 
> like SILC and Yahoo.  Any other protocols known broken in this old version?

ICQ. Fixes are in SLE. Even if ICQ works in Gaim on SLE, I doubt it is
usable. Due to missing spam protection, Gaim gets Russian ICQ spam every
few minutes.

Best Regards / S pozdravem,

Stanislav Brabec
software developer
SUSE LINUX, s. r. o.                          e-mail: sbrabec at suse.cz
Lihovarská 1060/12           tel: +420 284 028 966, +49 911 740538747
190 00 Praha 9                                  fax: +420 284 028 951
Czech Republic                                    http://www.suse.cz/

More information about the Packagers mailing list