Possible libpurple vulnerability in multiple prpls

John Bailey rekkanoryo at rekkanoryo.org
Sat Aug 15 17:30:06 EDT 2009


Mark Doliner wrote:
> In the past I think we have not gotten CVE numbers for things that
> require the user to accept a request.  So my vote is no.  But maybe
> you should hold off on committing the change until Tuesday the 18th,
> and maybe email us a diff of your fix?
> 
> -Mark

If we could have the patch here ASAP, that would be great.  With a patch to
commit, I could kill the 2.5.9 tag while it's still local to my database only
and retag with the patch included (and also generate new tarballs).

John

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 835 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/packagers/attachments/20090815/f2110ced/attachment.pgp>


More information about the Packagers mailing list