pidgin.im Needs Major Security Update: CVE-2014-0224
daniel.atallah at gmail.com
Sun Jun 15 16:25:27 EDT 2014
On Sat, Jun 14, 2014 at 1:48 AM, Kevin Stange <kstange at pidgin.im> wrote:
> On 06/13/2014 11:08 PM, Daniel Atallah wrote:
> > On Jun 13, 2014 11:52 PM, "Elliott Sales de Andrade" <qulogic at pidgin.im
> > <mailto:qulogic at pidgin.im>> wrote:
> >> Hi Daniel,
> >> Can you also check into d.p.i as well? It's supposedly
> > vulnerable-but-maybe-not-exploitable...
> > I already did.
> > We'll need to wait until Debian squeeze has updated openssl packages.
> Squeeze is EOL, so there will not be any updates for mainline squeeze,
> but there is an LTS effort that comes from another repository. Do we
> have this in sources.list?
> Alternative, of course, is to dist-upgrade to Wheezy.
I upgraded nicobar to wheezy to address this.
I also took the opportunity to apply a minor upgrade to Trac.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security