Pidgin 2.10.1

John Bailey rekkanoryo at rekkanoryo.org
Mon Dec 5 20:34:26 EST 2011


On 12/05/2011 08:14 PM, Mark Doliner wrote:
<snip>
> So there's an open question of how we want to deal with future SILC
> remote-crashers.  I'm inclined to not go through our standard
> disclosure process for them, because I don't think enough people use
> the SILC protocol to justify the work involved.  But I really have no
> idea how many people use SILC.  We also may want to consider removing
> the SILC PRPL.  I believe Debian no longer ships prpl-silc, and has
> removed libsilc from their distribution because it's "orphaned"
> (http://bugs.debian.org/638608  http://bugs.debian.org/629222
> http://bugs.debian.org/629226).

This has traveled downstream to Ubuntu and its derivatives, as well.

At this point, my inclination is to leave the plugin and fix any vulnerabilities
as best we can.  If we come across a vulnerability that we can't fix, kill the
plugin.

John

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20111205/85f53f81/attachment.pgp>


More information about the security mailing list