Pidgin 2.5.9, 2.6.0, 2.6.1

Josh Bressers bressers at
Fri Aug 21 22:17:39 EDT 2009

----- "Stu Tomlinson" <stu at> wrote:
> Is there any update on a CVE number for this issue?
> I think we need one because this affects the default settings for
> Yahoo! IM that allow anyone to send you an IM without prior
> confirmation, and I think this is a DoS bug.

A CVE id has been requested from MITRE, but they're quite slow, so it's going
to take time.

This is one of the annoying things about CVE. If you get one from a CNA (Red
Hat for example), it's fast. Once an issue is public, CNAs aren't supposed to
assign an ID, we have to ask MITRE. This is prevent dupes, as no doubt MITRE
knew about this before I asked them for an ID.

In the future, feel free to mail me (heck call me if you want, whois, and I'll make sure whatever needs an ID gets one before it goes


More information about the Packagers mailing list