New security problem in Pidgin
Mark Doliner
mark at kingant.net
Fri Oct 16 12:47:45 EDT 2009
No, this does not already have a CVE id assigned to it. Yes, it
probably makes sense for someone to assign one.
-Mark
On Fri, Oct 16, 2009 at 3:48 AM, Jan Lieskovsky <jlieskov at redhat.com> wrote:
> Hello Mark,
>
> thank you for the heads-up!
>
> Does this already have a CVE id assigned to it? Or should we assign one?
>
> Thanks && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
>
> Mark Doliner wrote:
>>
>> Already public, discovered 6 days ago:
>> http://developer.pidgin.im/ticket/10481
>> Our description for it is: http://pidgin.im/news/security/?id=41
>> Patch for 2.6.2 is attached
>> ("libpurple_fix_icq_remote_crash.diff")--should apply without much
>> complaint to older code as well.
>> Probably should have a CVE, if anyone wants to request one for us.
>>
>> There's another recent AIM/ICQ bug where the block list isn't working.
>> It's not a security problem, but it's something that some people care
>> strongly about. I've attached a patch for that too, in case you want
>> to backport it, at your option. ("libpurple_fix_aim_blocklist.diff")
>>
>> We just released 2.6.3. It is 2.6.2 plus a few hand-picked commits to
>> fix the above two problems and a few other small changes.
>>
>> Sorry for the short notice--we first heard about this 6 days ago and
>> it's been a ridiculously busy week for me.
>>
>> -Mark