Possible libpurple vulnerability in multiple prpls
Mark Doliner
mark at kingant.net
Sun Aug 16 17:32:18 EDT 2009
On Sun, Aug 16, 2009 at 12:57 PM, John Bailey<rekkanoryo at rekkanoryo.org> wrote:
> Warren Togami wrote:
>> OK, sitting for this long without a new 2.5.9 is more uncertainty as to
>> what exactly 2.5.9 will be. I'm going ahead with the 2.5.8 +
>> CVE-2009-2694 that I built on Friday.
>>
>> Warren
>
> I was waiting for another developer to state a preference one way or the other
> on including the patch. Since there was no further discussion, I have
> regenerated the tarball and signature previously linked here and added the
> .tar.gz and .tar.gz.asc files as well. I have also replaced the tag.
>
> For reference, the patch Elliott sent does not apply to bonjour and must be done
> manually.
Sorry for not responding earlier. I don't have a strong preference
either way. I'm mildly in favor of including it. A note to all
packagers: if you ship a 2.5.9 package, please make sure you grab the
new one that John uploaded and not the original one!
Thanks,
Mark
More information about the Packagers
mailing list