Remotely-triggerable crash in libpurple

Mark Doliner mark at
Tue Jul 20 01:06:51 EDT 2010

On Mon, Jul 19, 2010 at 8:38 AM, Ethan Blanton <elb at> wrote:
> Tomas Hoger spake unto us the following wisdom:
>> Hi!
>> On Wed, 14 Jul 2010 01:18:24 -0700 Mark Doliner wrote:
>> > Public: no
>> > Embargo date: How does August 5th sound?  That gives us one week to
>> > finish making string changes, one week for translators to translate,
>> > and one week for us to give you the 2.7.2 tarball and let you prepare
>> > packages in advance.
>> We came across:
>> which seems to be based on:
>> So not really non-public any more.
> This is Not OK.  I'm now taking suggestions on how to make sure
> packagers understand their responsibilities.  :-P
> So ... maybe we should do a 2.7.2 with nothing but this patch;
> thoughts?


I think we should do a 2.7.2 now, with nothing but this patch.  August
5th is quite far away for a public crash bug that's so easy to
trigger.  We could string freeze now and give translators a week...
but that seems rushed, and doesn't give devs a chance to finish any
string changes that they may have in mind.

I'll start working on this now.  Packagers: since this is already
public, I guess you should feel free to apply this patch to your 2.7.1
packages and release to the world.  Our 2.7.2 will contain ONLY this
patch (and minor ChangeLog and NEWS updates)--so if you patch 2.7.1
then you can skip 2.7.2.

And should we still do a normal release on August 5th?  I could go
either way, but I'm mildly in favor.


More information about the Packagers mailing list