[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]
Warren Togami
wtogami at redhat.com
Fri Aug 14 23:28:39 EDT 2009
On 08/14/2009 09:24 PM, Stu Tomlinson wrote:
> On Sat, Aug 15, 2009 at 02:19, John Bailey<rekkanoryo at rekkanoryo.org> wrote:
>> If someone wants to confirm this compiles and functions against 1.5.1, I can
>> talk to Luke about what I should include in a 1.5.2 tag (I will obviously not be
>> able to generate tarballs).
>
> I don't think there is any point in doing anything even resembling an
> official 1.5.2 release including this fix unless we are going to
> include backported fixes for all other vulnerabilities since 1.5.1 was
> released (which I expect we are not going to attempt). If we do
> include just this fix, it's only going to confuse people.
>
Looking at SuSE's gaim-1.5.0 package and our pidgin-1.5.1, we have
substantial differences. I doubt SuSE would upgrade to a pidgin-1.5.2,
and our people are suggesting we patch only this security issue and
leave everything else as-is. For this reason I cancel my request for a
1.5.2.
Warren
More information about the Packagers
mailing list