Pidgin 2.5.9, 2.6.0, 2.6.1

Warren Togami wtogami at redhat.com
Wed Aug 19 10:22:23 EDT 2009


On 08/19/2009 10:08 AM, John Bailey wrote:
> Mark Doliner wrote:
>> 2.6.1: This is 2.6.0 with an important security fix and some fixed
>> compilation problems.  Please use this and never 2.6.0!
>
> For reference, the security issue was that a remote user could send a URL over
> Yahoo and crash a running Pidgin.  Neither Mark nor I could reproduce this
> ourselves, but the user experiencing it was able to provide us a good backtrace
> and test the patch for us.  It was already public on our trac before Mark fixed
> the issue (http://developer.pidgin.im/ticket/9946).
>

2.6.0 was already pushed to users.  To avoid confusion, we should assign 
a CVE to this new issue.  bressers is asking for a new CVE number.

IRC discussion seemed to indicate that this did not affect 2.5.9, so it 
is limited to only 2.6.0 that needs fixing.

Warren


