pidgin.im Needs Major Security Update: CVE-2014-0224
Luke Schierer
lschiere at pidgin.im
Sat Jun 14 19:48:24 EDT 2014
I don’t know about nicobar, but the other two should both be set up to track “stable” and not a particular release. I also typically include the back ports and volatile repositories.
Luke
On Jun 14, 2014, at 01:48 EDT, Kevin Stange <kstange at pidgin.im> wrote:
> On 06/13/2014 11:08 PM, Daniel Atallah wrote:
>>
>> On Jun 13, 2014 11:52 PM, "Elliott Sales de Andrade" <qulogic at pidgin.im
>> <mailto:qulogic at pidgin.im>> wrote:
>>>
>>> Hi Daniel,
>>>
>>> Can you also check into d.p.i as well? It's supposedly
>> vulnerable-but-maybe-not-exploitable...
>>
>> I already did.
>> We'll need to wait until Debian squeeze has updated openssl packages.
>
> Squeeze is EOL, so there will not be any updates for mainline squeeze,
> but there is an LTS effort that comes from another repository. Do we
> have this in sources.list?
>
> https://wiki.debian.org/LTS/Using
>
> Alternative, of course, is to dist-upgrade to Wheezy.
>
> The update for OpenSSL is available, as noted here:
>
> https://lists.debian.org/debian-lts-announce/2014/06/msg00002.html
>
> Kevin
>
> _______________________________________________
> security mailing list
> security at pidgin.im
> https://pidgin.im/cgi-bin/mailman/listinfo/security
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20140614/1eaaccd2/attachment.sig>
More information about the security
mailing list