[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]

Warren Togami wtogami at redhat.com
Fri Aug 14 14:19:24 EDT 2009

On 08/14/2009 01:49 PM, Ari Pollak wrote:
> Is there a CVE number for this yet? I couldn't seem to find any in my
> history. Also, if the patch isn't going to be finalized soon, can we
> delay the unembargo date to give people time to prepare packages?

This current situation is lacking clarity.

* It is not clear we have a CVE number.
* It is not clear if 2.5.9 is happening.  If it is happening, who is 
doing it?  Will the official tarball be cut a few days early without a 
mtn checkin?

We are already past the point where we can comfortably build a binary 
and give QA adequate time to verify it before embargo lift day.

Could we please move the embargo day to Thursday, August 20th?

Even then, we would need the 2.5.9 tarball and CVE number today.

