[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]

Warren Togami wtogami at redhat.com
Fri Aug 14 23:28:39 EDT 2009

On 08/14/2009 09:24 PM, Stu Tomlinson wrote:
> On Sat, Aug 15, 2009 at 02:19, John Bailey<rekkanoryo at rekkanoryo.org>  wrote:
>> If someone wants to confirm this compiles and functions against 1.5.1, I can
>> talk to Luke about what I should include in a 1.5.2 tag (I will obviously not be
>> able to generate tarballs).
> I don't think there is any point in doing anything even resembling an
> official 1.5.2 release including this fix unless we are going to
> include backported fixes for all other vulnerabilities since 1.5.1 was
> released (which I expect we are not going to attempt). If we do
> include just this fix, it's only going to confuse people.

Looking at SuSE's gaim-1.5.0 package and our pidgin-1.5.1, we have 
substantial differences.  I doubt SuSE would upgrade to a pidgin-1.5.2, 
and our people are suggesting we patch only this security issue and 
leave everything else as-is.  For this reason I cancel my request for a 


More information about the Packagers mailing list