Upcoming Pidgin security disclosures and 2.10.1

Mark Doliner mark at kingant.net
Sat Dec 10 15:22:36 EST 2011


FYI we just pushed the fixes to our source repo, released Pidgin
2.10.1, and posted security advisory blurbs on http://pidgin.im/

Tarballs:
https://sourceforge.net/projects/pidgin/files/Pidgin/2.10.1/

Advisory Blurbs:
SILC crash - CVE-2011-3594 - http://pidgin.im/news/security/?id=56
AIM/ICQ crash - CVE-2011-4601 - http://pidgin.im/news/security/?id=57
XMPP crash - (no CVE yet) - http://pidgin.im/news/security/?id=58

On Fri, Dec 9, 2011 at 2:20 AM, Jan Lieskovsky <jlieskov at redhat.com> wrote:
> i) first CVE -- XMPP/Jingle issue. Going to be assigned by Red Hat,
> iv) fourth CVE - SILC protocol channel messages UTF-8 deficiency. Going to
> be assigned by Red Hat once confirmed.

Jan and Huzaifa, we're still hoping you'll issue us a CVE for the XMPP
issue, and, if you feel it's a good idea, a second CVE for the SILC
issue.

Thanks,
Mark


