Additional Security issues

Daniel Atallah daniel.atallah at
Tue Feb 5 17:51:07 EST 2013

On Tue, Feb 5, 2013 at 5:37 PM, Mark Doliner <mark at> wrote:
> Thanks for sending these out!  I'll try to take a look soon.
> These aren't public knowledge yet, right?  I think I'd still prefer to
> do a release within the next week or so with the two MXit fixes and
> with updated CA certs, and then do another release later and include
> fixes for:
> - these issues
> - yahoo failure to validate utf8
> - possibly fix the pango MS Windows crash with some characters

Correct, they're not public.

I guess it seems preferable to me to have a release that addresses all
known CVEs instead of releasing early to address only a subset and
having yet another follow security release (I'm assuming that at this
point none of these are public).

Is the urgency related to the CA cert?


More information about the security mailing list