MXit security flaws

Mark Doliner mark at kingant.net
Wed Jan 30 04:18:17 EST 2013


On Tue, Jan 29, 2013 at 1:56 PM, Andrew Victor <Andrew.Victor at mxit.com> wrote:
> All the necessary MXit fixes are now applied to release-2.x.y (except the http security patch one).

And just to confirm, I'll take care of committing the security patch
shortly before releasing.

> This fix <http://hg.pidgin.im/pidgin/main/rev/f7b7a6c58ad3> should also be applied to 2.10.7.  Without it Pidgin occasionally crashes or freezes when closing the conversation window.

I'm planning on cutting the release straight from the release-2.x.y
branch, so this fix should be included.

> There is also what I am guessing is a GTK issue with drop-down lists(purple_request_field_list).
> If you look at the attached screenshot, the "Your Country" and "Your Language" should display a list for the user to select an option - but the list element is being drawn with a 0-pixel (or very very small) height.
> This happens on Ubuntu 12.04 (GTK 2.24.10), but not Ubuntu 10.04 (GTK 2.20.1)

For what it's worth I wasn't able to reproduce that on Ubuntu 12.10
(GTK 2.24.13) just now.  I wonder if that was a bug in GTK that got
fixed between 2.24.10 and 2.24.13?


More information about the security mailing list