pidgin.im Needs Major Security Update: CVE-2014-0224

Daniel Atallah daniel.atallah at gmail.com
Sun Jun 15 16:25:27 EDT 2014


On Sat, Jun 14, 2014 at 1:48 AM, Kevin Stange <kstange at pidgin.im> wrote:

> On 06/13/2014 11:08 PM, Daniel Atallah wrote:
> >
> > On Jun 13, 2014 11:52 PM, "Elliott Sales de Andrade" <qulogic at pidgin.im
> > <mailto:qulogic at pidgin.im>> wrote:
> >>
> >> Hi Daniel,
> >>
> >> Can you also check into d.p.i as well? It's supposedly
> > vulnerable-but-maybe-not-exploitable...
> >
> > I already did.
> > We'll need to wait until Debian squeeze has updated openssl packages.
>
> Squeeze is EOL, so there will not be any updates for mainline squeeze,
> but there is an LTS effort that comes from another repository.  Do we
> have this in sources.list?
>
> https://wiki.debian.org/LTS/Using
>
> Alternative, of course, is to dist-upgrade to Wheezy.
>
>
I upgraded nicobar to wheezy to address this.

I also took the opportunity to apply a minor upgrade to Trac.

-D
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20140615/81508296/attachment.html>


More information about the security mailing list