Pending disclosure date for MSN vulnerability
John Bailey
rekkanoryo at rekkanoryo.org
Sun Aug 16 22:58:25 EDT 2009
As has been discussed here previously, CORE has set a date of August 18 for
disclosure of the vulnerability in the MSN prpl. There was talk of trying to
get more time to prep a coordinated release. I have not seen any further
mention of whether anyone has contacted CORE for this, so I'm assuming we're
still on for the Tuesday deadline.
To that end, I have committed the patches discussed here for both the MSN
vulnerability and the file transfer filename crash to im.pidgin.pidgin in my
local database but have not yet pushed. I have also done the usual grabbing of
changelog entries and whatnot from the 2.5.9 branch I created and tagged on.
Currently what I need to know is:
* are we going to release on Tuesday?
* when can I push my local changes to mtn.pidgin.im? That is, do I need to
collect and merge any further changes on im.pidgin.pidgin and continue to sit on
the changes I mentioned above up until tag and release time?
John
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 835 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/packagers/attachments/20090816/929cd5a5/attachment.pgp>
More information about the Packagers
mailing list