Pidgin 2.5.9, 2.6.0, 2.6.1

Stu Tomlinson stu at nosnilmot.com
Fri Aug 21 22:31:32 EDT 2009


On Sat, Aug 22, 2009 at 03:17, Josh Bressers <bressers at redhat.com> wrote:
> ----- "Stu Tomlinson" <stu at nosnilmot.com> wrote:
>> Is there any update on a CVE number for this issue?
>>
>> I think we need one because this affects the default settings for
>> Yahoo! IM that allow anyone to send you an IM without prior
>> confirmation, and I think this is a DoS bug.
>>
>
> A CVE id has been requested from MITRE, but they're quite slow, so it's going
> to take time.
>
> This is one of the annoying things about CVE. If you get one from a CNA (Red
> Hat for example), it's fast. Once an issue is public, CNAs aren't supposed to
> assign an ID, we have to ask MITRE. This is to prevent dupes, as no doubt MITRE
> knew about this before I asked them for an ID.
>
> In the future, feel free to mail me (heck call me if you want, whois
> bress.net), and I'll make sure whatever needs an ID gets one before it goes
> public.

Josh,

Thank you very much for the clear explanation. I (and I hope the rest
of the team) will certainly try to remember this in the future.

Sorry if we caused any packagers any problems with these releases, 3
releases in 24 hours is a bit crazy :)

Regards,


Stu.


