New security problem in Pidgin

Warren Togami wtogami at redhat.com
Fri Oct 16 09:32:32 EDT 2009


On 10/16/2009 06:41 AM, Mark Doliner wrote:
> Already public, discovered 6 days ago: http://developer.pidgin.im/ticket/10481
> Our description for it is: http://pidgin.im/news/security/?id=41
> Patch for 2.6.2 is attached
> ("libpurple_fix_icq_remote_crash.diff")--should apply without much
> complaint to older code as well.
> Probably should have a CVE, if anyone wants to request one for us.
>
> There's another recent AIM/ICQ bug where the block list isn't working.
> It's not a security problem, but it's something that some people care
> strongly about.  I've attached a patch for that too, in case you want
> to backport it, at your option. ("libpurple_fix_aim_blocklist.diff")
>
> We just released 2.6.3.  It is 2.6.2 plus a few hand-picked commits to
> fix the above two problems and a few other small changes.
>
> Sorry for the short notice--we first heard about this 6 days ago and
> it's been a ridiculously busy week for me.

Hi,

http://cvs.fedoraproject.org/viewvc/devel/pidgin/
I haven't looked at the 2.6.3 tarball yet (need to drive to office now), 
but were all these early post-2.6.2 patches included?  We've been 
running them in production for weeks now on our pidgin-2.6.2 as they 
were recommended by folks in #pidgin.

Warren Togami
wtogami at redhat.com


