[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]

John Bailey rekkanoryo at rekkanoryo.org
Fri Aug 14 21:19:02 EDT 2009

Paul Aurich wrote:
> gaim/pidgin1.5 uses the MSN prpl the same way it does now, and I think
> every version going back to the first one that included the relevant code
> (based on looking at the commits) would be vulnerable.
> My "patch" should apply to it just fine, though you'll need to make the
> change in the appropriate file, since paths have changed.

The patch does apply, but I cannot compile to test, as my system appears to have
versions of tools that are far too new.

In order to apply the patch, I changed the paths from 'libpurple/protocols' to
'src/protocols' and fed it to patch.  Here is the relevant output:

jbailey at atl:~/devel/compile/pidgin-151>>$ patch -p0 <
patching file src/protocols/msn/slplink.c
Hunk #1 succeeded at 467 with fuzz 1 (offset 26 lines).
Hunk #2 succeeded at 578 with fuzz 2 (offset -1 lines).

If someone wants to confirm this compiles and functions against 1.5.1, I can
talk to Luke about what I should include in a 1.5.2 tag (I will obviously not be
able to generate tarballs).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 835 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/packagers/attachments/20090814/e322e4a2/attachment.pgp>

More information about the Packagers mailing list