New release 2.12.0 for security issue

Gary Kramlich grim at reaperworld.com
Thu Mar 9 20:54:04 EST 2017


Pidgin 2.12.0 tarballs can be found at
https://bitbucket.org/pidgin/main/downloads/

.tar.bz2
https://bitbucket.org/pidgin/main/downloads/pidgin-2.12.0.tar.bz2
https://bitbucket.org/pidgin/main/downloads/pidgin-2.12.0.tar.bz2.asc

.tar.gz
https://bitbucket.org/pidgin/main/downloads/pidgin-2.12.0.tar.gz
https://bitbucket.org/pidgin/main/downloads/pidgin-2.12.0.tar.gz.asc

On Tue, Feb 28, 2017 at 10:28 PM, Gary Kramlich <grim at reaperworld.com> wrote:
> All,
>
> We will be releasing Pidgin 2.12.0 on 20170310 at 0200 UTC which is
> our embargo date. This is a normal release with a fixed security
> issue.  A CVE has been requested, but I have not heard back by the
> time of this writing.
>
> The issue that has been fixed in the release is an out of bound memory
> access when a server sends invalid XML.  I do not yet have the
> tarballs built but we should have them in the next few days (we're
> waiting on one more patch for the release).
>
> Thanks,
>
> --
> Gary Kramlich <grim at reaperworld.com>



-- 
Thanks,

--
Gary Kramlich <grim at reaperworld.com>



More information about the Packagers mailing list