Pending disclosure date for MSN vulnerability
Mark Doliner
mark at kingant.net
Mon Aug 17 13:13:39 EDT 2009
On Sun, Aug 16, 2009 at 7:58 PM, John Bailey<rekkanoryo at rekkanoryo.org> wrote:
> As has been discussed here previously, CORE has set a date of August 18 for
> disclosure of the vulnerability in the MSN prpl. There was talk of trying to
> get more time to prep a coordinated release. I have not seen any further
> mention of whether anyone has contacted CORE for this, so I'm assuming we're
> still on for the Tuesday deadline.
>
> To that end, I have committed the patches discussed here for both the MSN
> vulnerability and the file transfer filename crash to im.pidgin.pidgin in my
> local database but have not yet pushed. I have also done the usual grabbing of
> changelog entries and whatnot from the 2.5.9 branch I created and tagged on.
>
> Currently what I need to know is:
> * are we going to release on Tuesday?
I'm in favor of Tuesday. (And I haven't seen anyone mention
delaying--was that on IRC or something?)
> * when can I push my local changes to mtn.pidgin.im? That is, do I need to
> collect and merge any further changes on im.pidgin.pidgin and continue to sit on
> the changes I mentioned above up until tag and release time?
Yeah you should wait until Tuesday to push the changes. And maybe do
a pull/merge around the same time that you push.
-Mark
More information about the Packagers
mailing list