security review and patches for libpurple
Jacob Appelbaum
jacob at appelbaum.net
Mon Jul 18 13:10:46 EDT 2011

On 07/18/2011 12:52 PM, Evan Schoenberg wrote:
> On Jul 18, 2011, at 11:14 AM, Ethan Blanton <elb at pidgin.im> wrote:
>
>> Jacob Appelbaum spake unto us the following wisdom:
>>>> With that in mind, I'd like to ask again if there are any
>>>> objections to my committing these patches to ipp without
>>>> embargo or a coordinated release. If not, I will land them
>>>> some time tomorrow. If anyone even simply thinks we should
>>>> wait a few days or get additional input before landing them,
>>>> that's fine, too.
>>>
>>> I would really strongly encourage you to co-ordinate with the
>>> Adium folks. It seems to me that they're behind on libpurple
>>> updates and any new security releases that don't go into Adium
>>> may cause Mac OS X users major trouble.
>>
>> I appreciate that input. There are several Adium developers on
>> the security at pidgin.im contact list, so they are in the loop on
>> this
>
> I apologize; I mixed up security threads. I was referring to the IRC
> whois issue.
>
> Integration of the larger patch set, which is being applied only
> against im.pidgin.pidgin as I understand it, will be a somewhat more
> complicated issue but we will work to make it happen in coordination
> based on timing for Pidgin's release as it's discussed here.
>
Is there any chance that Adium will simply move to the newest release of
libpurple soon? The newest libpurple also has a new proxy type
"Tor/Privacy" that is a security fix for users who use Tor with Adium. I
know many Adium users (myself included) who would like this fix/enhancement.

All the best,
Jacob