New security problem in Pidgin
Jan Lieskovsky
jlieskov at redhat.com
Fri Oct 16 06:48:33 EDT 2009
Hello Mark,
thank you for the heads-up!
Does this already have a CVE id assigned to it? Or should we assign one?
Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Mark Doliner wrote:
> Already public, discovered 6 days ago: http://developer.pidgin.im/ticket/10481
> Our description for it is: http://pidgin.im/news/security/?id=41
> Patch for 2.6.2 is attached
> ("libpurple_fix_icq_remote_crash.diff")--should apply without much
> complaint to older code as well.
> Probably should have a CVE, if anyone wants to request one for us.
>
> There's another recent AIM/ICQ bug where the block list isn't working.
> It's not a security problem, but it's something that some people care
> strongly about. I've attached a patch for that to, in case you want
> to backport it, at your option. ("libpurple_fix_aim_blocklist.diff")
>
> We just release 2.6.3. It is 2.6.2 plus a few hand-picked commits to
> fix the above two problems and a few other small changes.
>
> Sorry for the short notice--we first heard about this 6 days ago and
> it's been a ridiculously busy week for me.
>
> -Mark
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Packagers mailing list
> Packagers at pidgin.im
> http://pidgin.im/cgi-bin/mailman/listinfo/packagers
More information about the Packagers
mailing list