Pidgin 2.5.9, 2.6.0, 2.6.1
wtogami at redhat.com
Wed Aug 19 10:22:23 EDT 2009
On 08/19/2009 10:08 AM, John Bailey wrote:
> Mark Doliner wrote:
>> 2.6.1: This is 2.6.0 with an important security fix and some fixed
>> compilation problems. Please use this and never 2.6.0!
> For reference, the security issue was that a remote user could send a URL over
> Yahoo and crash a running Pidgin. Neither Mark nor I could reproduce this
> ourselves, but the user experiencing it was able to provide us a good backtrace
> and test the patch for us. It was already public on our trac before Mark fixed
> the issue (http://developer.pidgin.im/ticket/9946).
2.6.0 was already pushed to users. To avoid confusion, we should assign
a CVE to this new issue. bressers is asking for a new CVE number.
IRC discussion seemed to indicate that this did not effect 2.5.9, so it
is limited to only 2.6.0 that needs fixing.
More information about the Packagers