security review and patches for libpurple

Evan Schoenberg evan at
Mon Jul 18 12:52:33 EDT 2011

On Jul 18, 2011, at 11:14 AM, Ethan Blanton <elb at> wrote:

> Jacob Appelbaum spake unto us the following wisdom:
>>> With that in mind, I'd like to ask again if there are any objections
>>> to my committing these patches to ipp without embargo or a coordinated
>>> release.  If not, I will land them some time tomorrow.  If anyone even
>>> simply thinks we should wait a few days or get additional input before
>>> landing them, that's fine, too.
>> I would really strongly encourage you to co-ordinate with the Adium
>> folks. It seems to me that they're behind on libpurple updates and any
>> new security releases that don't go into Adium may cause Mac OS X users
>> major trouble.
> I appreciate that input.  There are several Adium developers on the
> security at contact list, so they are in the loop on this

I apologize; I mixed up security threads. I was referring to the IRC whois issue. 

Integration of the larger patch set, which is being applied only against im.pidgin.pidgin as I understand it, will be a somewhat more complicated issue but we will work to make it happen in coordination based on timing for Pidgin's release as it's discussed here. 


> Ethan
> _______________________________________________
> security mailing list
> security at

More information about the security mailing list