[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]

Stanislav Brabec sbrabec at suse.cz
Fri Aug 14 10:51:59 EDT 2009

Warren Togami wrote:
> So normally the way vendors work when an embargo is known, we prepare 
> our packages, and QA test them, to simultaneously release the binary 
> packages on the embargo lift day.
> Is the patch against 2.5.8 even finalized now?
> If 2.5.9 is truly 2.5.8 + that one patch, then could you bless an 
> official 2.5.9 tarball now so we can kick off this process internally 
> and be ready for embargo lift day?

Thanks I am now re-submitting packages with the new patch from Mark
Doliner. They will be pending until the correctness approval.

Is it possible to send finalized patch to vendor-sec at lst.de? Security
people from distros are probably not subscribed here.

Best Regards / S pozdravem,

Stanislav Brabec
software developer
SUSE LINUX, s. r. o.                          e-mail: sbrabec at suse.cz
Lihovarská 1060/12           tel: +420 284 028 966, +49 911 740538747
190 00 Praha 9                                  fax: +420 284 028 951
Czech Republic                                    http://www.suse.cz/

More information about the Packagers mailing list