Possible libpurple vulnerability in multiple prpls

Mark Doliner mark at kingant.net
Sun Aug 16 17:32:18 EDT 2009


On Sun, Aug 16, 2009 at 12:57 PM, John Bailey<rekkanoryo at rekkanoryo.org> wrote:
> Warren Togami wrote:
>> OK, sitting for this long without a new 2.5.9 is more uncertainty as to
>> what exactly 2.5.9 will be.  I'm going ahead with the 2.5.8 +
>> CVE-2009-2694 that I built on Friday.
>>
>> Warren
>
> I was waiting for another developer to state a preference one way or the other
> on including the patch.  Since there was no further discussion, I have
> regenerated the tarball and signature previously linked here and added the
> .tar.gz and .tar.gz.asc files as well.  I have also replaced the tag.
>
> For reference, the patch Elliott sent does not apply to bonjour and must be done
> manually.

Sorry for not responding earlier.  I don't have a strong preference
either way.  I'm mildly in favor of including it.  A note to all
packagers: if you ship a 2.5.9 package, please make sure you grab the
new one that John uploaded and not the original one!

Thanks,
Mark



More information about the Packagers mailing list