purple_util_fetch_url vulnerability

Mark Doliner mark at kingant.net
Mon Feb 11 23:50:47 EST 2013


On Mon, Feb 11, 2013 at 8:06 PM, Daniel Atallah
<daniel.atallah at gmail.com> wrote:
> I assume we don't want to try to delay 2.10.7 to address this,

Yeah, it doesn't make sense to delay 2.10.7.

> but it probably means that we'll be releasing again soon :(

That's ok, we'll want to do another release in the not-too-distant
future to fix the Yahoo! failure to validate utf8 bugs, and possibly
patch pango on Windows to not crash with certain characters (though we
don't really need to do this as a point release, and we don't need to
notify packagers since it's Windows-only).

