pidgin.im Needs Major Security Update: CVE-2014-0224
Kevin Stange
kstange at pidgin.im
Sat Jun 14 01:48:15 EDT 2014
On 06/13/2014 11:08 PM, Daniel Atallah wrote:
>
> On Jun 13, 2014 11:52 PM, "Elliott Sales de Andrade" <qulogic at pidgin.im
> <mailto:qulogic at pidgin.im>> wrote:
>>
>> Hi Daniel,
>>
>> Can you also check into d.p.i as well? It's supposedly
> vulnerable-but-maybe-not-exploitable...
>
> I already did.
> We'll need to wait until Debian squeeze has updated openssl packages.
Squeeze is EOL, so there will not be any updates for mainline squeeze,
but there is an LTS effort that comes from another repository. Do we
have this in sources.list?
https://wiki.debian.org/LTS/Using
Alternative, of course, is to dist-upgrade to Wheezy.
The update for OpenSSL is available, as noted here:
https://lists.debian.org/debian-lts-announce/2014/06/msg00002.html
Kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20140614/6a7ff468/attachment.sig>
More information about the security
mailing list