pidgin.im Needs Major Security Update: CVE-2014-0224
William Rolison
williamrolison at gmail.com
Sat Jun 14 14:39:38 EDT 2014
Awsome, thanks guys.
Nicely done, thanks for such a quick response and fix.
Now that's taking security seriously. :D
On 6/14/14, Kevin Stange <kstange at pidgin.im> wrote:
> On 06/13/2014 11:08 PM, Daniel Atallah wrote:
>>
>> On Jun 13, 2014 11:52 PM, "Elliott Sales de Andrade" <qulogic at pidgin.im
>> <mailto:qulogic at pidgin.im>> wrote:
>>>
>>> Hi Daniel,
>>>
>>> Can you also check into d.p.i as well? It's supposedly
>> vulnerable-but-maybe-not-exploitable...
>>
>> I already did.
>> We'll need to wait until Debian squeeze has updated openssl packages.
>
> Squeeze is EOL, so there will not be any updates for mainline squeeze,
> but there is an LTS effort that comes from another repository. Do we
> have this in sources.list?
>
> https://wiki.debian.org/LTS/Using
>
> Alternative, of course, is to dist-upgrade to Wheezy.
>
> The update for OpenSSL is available, as noted here:
>
> https://lists.debian.org/debian-lts-announce/2014/06/msg00002.html
>
> Kevin
>
>
--
_________________________________
Contact Info:
Name: William Rolison
E-Mail: williamrolison at gmail.com
Cell Phone: (803) 753-8824
More information about the security
mailing list