New release 2.12.0 for security issue
Gary Kramlich
grim at reaperworld.com
Thu Mar 9 20:54:04 EST 2017
Pidgin 2.12.0 tarballs can be found at
https://bitbucket.org/pidgin/main/downloads/
.tar.bz2
https://bitbucket.org/pidgin/main/downloads/pidgin-2.12.0.tar.bz2
https://bitbucket.org/pidgin/main/downloads/pidgin-2.12.0.tar.bz2.asc
.tar.gz
https://bitbucket.org/pidgin/main/downloads/pidgin-2.12.0.tar.gz
https://bitbucket.org/pidgin/main/downloads/pidgin-2.12.0.tar.gz.asc
On Tue, Feb 28, 2017 at 10:28 PM, Gary Kramlich <grim at reaperworld.com> wrote:
> All,
>
> We will be releasing Pidgin 2.12.0 on 20170310 at 0200 UTC which is
> our embargo date. This is a normal release with a fixed security
> issue. A CVE has been requested, but I have not heard back by the
> time of this writing.
>
> The issue that has been fixed in the release is an out of bound memory
> access when a server sends invalid XML. I do not yet have the
> tarballs built but we should have them in the next few days (we're
> waiting on one more patch for the release).
>
> Thanks,
>
> --
> Gary Kramlich <grim at reaperworld.com>
--
Thanks,
--
Gary Kramlich <grim at reaperworld.com>
More information about the Packagers
mailing list