Pending disclosure date for MSN vulnerability

John Bailey rekkanoryo at
Sun Aug 16 22:58:25 EDT 2009

As has been discussed here previously, CORE has set a date of August 18 for
disclosure of the vulnerability in the MSN prpl.  There was talk of trying to
get more time to prep a coordinated release.  I have not seen any further
mention of whether anyone has contacted CORE for this, so I'm assuming we're
still on for the Tuesday deadline.

To that end, I have committed the patches discussed here for both the MSN
vulnerability and the file transfer filename crash to im.pidgin.pidgin in my
local database but have not yet pushed.  I have also done the usual grabbing of
changelog entries and whatnot from the 2.5.9 branch I created and tagged on.

Currently what I need to know is:
  * are we going to release on Tuesday?
  * when can I push my local changes to  That is, do I need to
collect and merge any further changes on im.pidgin.pidgin and continue to sit on
the changes I mentioned above up until tag and release time?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 835 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Packagers mailing list