Remote crashes being fixed in 2.6.2
Ethan Blanton
elb at pidgin.im
Wed Sep 9 21:03:17 EDT 2009
Josh Bressers spake unto us the following wisdom:
> I think using 2.6.2 as an example works in this instance. The update
> came out before the packages list knew, and none of them had CVE ids.
This is definitely confusing to me. It seemed to me that 2.6.2 was
*well* discussed before it occurred, the packages were just a day or
two later than we originally intended. Certainly there were CVEs
flying around for a number of issues before the release (including the
IRC exploit mentioned by warren that received a Red Hat CVE on the
spot).
> One could even use 2.6.0 as an example. There wasn't near the
> colaboration on the patch as there could have been. I was unfortunatly
> away during that cycle, but normally I would have been happy to help
> test/very the fix is what was needed.
I can't speak to this, I wasn't even aware of it until 2.6.0 was out
the door. (Assuming this is the XMPP TLS negotiation bug.) That's
possibly an indication of a problem. ;-)
> In general, yes the right thing is done, and I'm quite happy with
> Pidgin upstream. If you don't want my help, I'll head back into the
> shadows and only jump out when needed :)
I for one am glad that someone thinks we're doing something right --
and no, we want the feedback, don't go away. ;-)
Ethan
--
The laws that forbid the carrying of arms are laws [that have no remedy
for evils]. They disarm only those who are neither inclined nor
determined to commit crimes.
-- Cesare Beccaria, "On Crimes and Punishments", 1764
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/packagers/attachments/20090909/3494be06/attachment.pgp>
More information about the Packagers
mailing list