New security problem in Pidgin

Jan Lieskovsky jlieskov at
Fri Oct 16 06:48:33 EDT 2009

Hello Mark,

   thank you for the heads-up!

   Does this already have a CVE id assigned to it? Or should we assign one?

Thanks && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Mark Doliner wrote:
> Already public, discovered 6 days ago:
> Our description for it is:
> Patch for 2.6.2 is attached
> ("libpurple_fix_icq_remote_crash.diff")--should apply without much
> complaint to older code as well.
> Probably should have a CVE, if anyone wants to request one for us.
> There's another recent AIM/ICQ bug where the block list isn't working.
>  It's not a security problem, but it's something that some people care
> strongly about.  I've attached a patch for that to, in case you want
> to backport it, at your option. ("libpurple_fix_aim_blocklist.diff")
> We just release 2.6.3.  It is 2.6.2 plus a few hand-picked commits to
> fix the above two problems and a few other small changes.
> Sorry for the short notice--we first heard about this 6 days ago and
> it's been a ridiculously busy week for me.
> -Mark
> ------------------------------------------------------------------------
> _______________________________________________
> Packagers mailing list
> Packagers at

More information about the Packagers mailing list