Remote crash in Finch

Ethan Blanton elb at pidgin.im
Tue Feb 9 13:03:44 EST 2010


Sadrul Habib Chowdhury spake unto us the following wisdom:
> How do we deal with this issue? From the looks of things, it appears
> the remote exploitability in finch is still 'unknown', and we can
> probably get away with a scheduled release of 2.6.6 in a week's time. In
> the meantime, I believe we should request for a CVE# and notify the
> packagers?

Agreed on all points, assuming we actually release 2.6.6 in a timely
fashion.

Josh Bressers can issue us a CVE on the spot for non-disclosed issues,
and (I believe) he is on packagers at .

Ethan

-- 
The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20100209/1aa7eaf3/attachment.pgp>


More information about the security mailing list