Getting Pidgin 2.10.10 out the door

Daniel Atallah daniel.atallah at
Fri Oct 3 11:05:46 EDT 2014

We've been sitting on some vulnerabilities for quite a long time - it's
time for a release.

Here are the things that are committed and I think need CVEs for:

* VRT-2014-0203 - Pidgin libpurple Mxit Emoticon ASN Length Denial of
Service Vulnerability:
* VRT-2014-0205 - Pidgin libpurple Novell Protocol Multiple Denial of
Service Vulnerabilities:
* VRT-2014-0205 - Pidgin Theme/Smiley Untar Arbitrary File Write

Outstanding stuff:

* SSL certificate chain validation issues
* "libpurple gadu-gadu issues" thread

What else is outstanding?
Are there additional bugs we need to fix or patches we should apply?

How about targeting 10/15 for the release? Can we get the outstanding stuff
done by then?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the security mailing list