Remote crashes being fixed in Pidgin 2.6.6
mark at kingant.net
Mon Feb 15 01:09:04 EST 2010
On Sun, Feb 14, 2010 at 1:16 PM, Ari Pollak <ari at debian.org> wrote:
> Mark Doliner wrote:
>> On Sun, Feb 14, 2010 at 12:31 PM, Ari Pollak <ari at debian.org> wrote:
>>> Mark Doliner wrote:
>>>> * We're working on 3 separate issues
>>>> * I wouldn't consider any of them public knowledge yet
>>> Is there a CVE # for the third issue yet?
> Also, it looks like the MSN SLP patch isn't straightforward to apply
> onto slp.c from 2.4.3. Is that version thought to be vulnerable, or do
> the msn_slp_sip_recv() changes not matter?
I don't know if that version is vulnerable. I suspect that it is. If
so, similar changes would probably need to be made to
msn_slp_sip_recv() in that version.
More information about the Packagers