pidgin.im Needs Major Security Update: CVE-2014-0224
Daniel Atallah
daniel.atallah at gmail.com
Sun Jun 15 10:12:30 EDT 2014
On Sat, Jun 14, 2014 at 7:48 PM, Luke Schierer <lschiere at pidgin.im> wrote:
> I don’t know about nicobar, but the other two should both be set up to
> track “stable” and not a particular release. I also typically include the
> back ports and volatile repositories.
>
> Luke
>
I'm going to dist-upgrade nicobar.
It'll probably mean some downtime for trac while I update everything to
work with the new python.
-D
>
> On Jun 14, 2014, at 01:48 EDT, Kevin Stange <kstange at pidgin.im> wrote:
>
> > On 06/13/2014 11:08 PM, Daniel Atallah wrote:
> >>
> >> On Jun 13, 2014 11:52 PM, "Elliott Sales de Andrade" <qulogic at pidgin.im
> >> <mailto:qulogic at pidgin.im>> wrote:
> >>>
> >>> Hi Daniel,
> >>>
> >>> Can you also check into d.p.i as well? It's supposedly
> >> vulnerable-but-maybe-not-exploitable...
> >>
> >> I already did.
> >> We'll need to wait until Debian squeeze has updated openssl packages.
> >
> > Squeeze is EOL, so there will not be any updates for mainline squeeze,
> > but there is an LTS effort that comes from another repository. Do we
> > have this in sources.list?
> >
> > https://wiki.debian.org/LTS/Using
> >
> > Alternative, of course, is to dist-upgrade to Wheezy.
> >
> > The update for OpenSSL is available, as noted here:
> >
> > https://lists.debian.org/debian-lts-announce/2014/06/msg00002.html
> >
> > Kevin
> >
> > _______________________________________________
> > security mailing list
> > security at pidgin.im
> > https://pidgin.im/cgi-bin/mailman/listinfo/security
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20140615/6b5a1ec3/attachment.html>
More information about the security
mailing list