Remote crashes being fixed in 2.6.2

Ethan Blanton elb at pidgin.im
Wed Sep 9 21:03:17 EDT 2009


Josh Bressers spake unto us the following wisdom:
> I think using 2.6.2 as an example works in this instance. The update
> came out before the packages list knew, and none of them had CVE ids.

This is definitely confusing to me.  It seemed to me that 2.6.2 was
*well* discussed before it occurred, the packages were just a day or
two later than we originally intended.  Certainly there were CVEs
flying around for a number of issues before the release (including the
IRC exploit mentioned by warren that received a Red Hat CVE on the
spot).

> One could even use 2.6.0 as an example. There wasn't near the
> collaboration on the patch as there could have been. I was unfortunately
> away during that cycle, but normally I would have been happy to help
> test/verify the fix is what was needed.

I can't speak to this, I wasn't even aware of it until 2.6.0 was out
the door.  (Assuming this is the XMPP TLS negotiation bug.) That's
possibly an indication of a problem.  ;-)

> In general, yes the right thing is done, and I'm quite happy with
> Pidgin upstream. If you don't want my help, I'll head back into the
> shadows and only jump out when needed :)

I for one am glad that someone thinks we're doing something right --
and no, we want the feedback, don't go away.  ;-)

Ethan

-- 
The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764