New release 2.12.0 for security issue

Gary Kramlich grim at reaperworld.com
Tue Feb 28 23:28:52 EST 2017


All,

We will be releasing Pidgin 2.12.0 on 20170310 at 0200 UTC which is
our embargo date. This is a normal release with a fixed security
issue.  A CVE has been requested, but I have not heard back by the
time of this writing.

The issue that has been fixed in the release is an out of bound memory
access when a server sends invalid XML.  I do not yet have the
tarballs built but we should have them in the next few days (we're
waiting on one more patch for the release).

Thanks,

--
Gary Kramlich <grim at reaperworld.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2.12.0-xml-out-of-bounds.patch
Type: text/x-patch
Size: 1113 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/packagers/attachments/20170228/438857e9/attachment.bin>


More information about the Packagers mailing list