New release 2.12.0 for security issue

Gary Kramlich grim at
Tue Feb 28 23:28:52 EST 2017


We will be releasing Pidgin 2.12.0 on 20170310 at 0200 UTC which is
our embargo date. This is a normal release with a fixed security
issue.  A CVE has been requested, but I have not heard back by the
time of this writing.

The issue that has been fixed in the release is an out of bound memory
access when a server sends invalid XML.  I do not yet have the
tarballs built but we should have them in the next few days (we're
waiting on one more patch for the release).


Gary Kramlich <grim at>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2.12.0-xml-out-of-bounds.patch
Type: text/x-patch
Size: 1113 bytes
Desc: not available
URL: <>

More information about the Packagers mailing list