New security problem in Pidgin

Warren Togami wtogami at
Fri Oct 16 09:32:32 EDT 2009

On 10/16/2009 06:41 AM, Mark Doliner wrote:
> Already public, discovered 6 days ago:
> Our description for it is:
> Patch for 2.6.2 is attached
> ("libpurple_fix_icq_remote_crash.diff")--should apply without much
> complaint to older code as well.
> Probably should have a CVE, if anyone wants to request one for us.
> There's another recent AIM/ICQ bug where the block list isn't working.
>   It's not a security problem, but it's something that some people care
> strongly about.  I've attached a patch for that to, in case you want
> to backport it, at your option. ("libpurple_fix_aim_blocklist.diff")
> We just release 2.6.3.  It is 2.6.2 plus a few hand-picked commits to
> fix the above two problems and a few other small changes.
> Sorry for the short notice--we first heard about this 6 days ago and
> it's been a ridiculously busy week for me.

I haven't looked at the 2.6.3 tarball yet (need to drive to office now), 
but were all these early post-2.6.2 patches included?  We've been 
running them in production for weeks now on our pidgin-2.6.2 as they 
were recommended by folks in #pidgin.

Warren Togami
wtogami at

More information about the Packagers mailing list