New security problem in Pidgin

Mark Doliner mark at kingant.net
Fri Oct 16 06:41:30 EDT 2009


Already public, discovered 6 days ago: http://developer.pidgin.im/ticket/10481
Our description for it is: http://pidgin.im/news/security/?id=41
Patch for 2.6.2 is attached
("libpurple_fix_icq_remote_crash.diff")--should apply without much
complaint to older code as well.
Probably should have a CVE, if anyone wants to request one for us.

There's another recent AIM/ICQ bug where the block list isn't working.
It's not a security problem, but it's something that some people care
strongly about.  I've attached a patch for that too, in case you want
to backport it, at your option. ("libpurple_fix_aim_blocklist.diff")

We just released 2.6.3.  It is 2.6.2 plus a few hand-picked commits to
fix the above two problems and a few other small changes.

Sorry for the short notice--we first heard about this 6 days ago and
it's been a ridiculously busy week for me.

-Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libpurple_fix_icq_remote_crash.diff
Type: text/x-patch
Size: 2814 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/packagers/attachments/20091016/9b7e4286/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libpurple_fix_aim_blocklist.diff
Type: text/x-patch
Size: 2540 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/packagers/attachments/20091016/9b7e4286/attachment-0001.bin>

