Getting Pidgin 2.10.10 out the door
Daniel Atallah
daniel.atallah at gmail.com
Fri Oct 3 11:05:46 EDT 2014
We've been sitting on some vulnerabilities for quite a long time - it's
time for a release.
Here are the things that are committed and I think need CVEs for:
* VRT-2014-0203 - Pidgin libpurple Mxit Emoticon ASN Length Denial of
Service Vulnerability:
* VRT-2014-0205 - Pidgin libpurple Novell Protocol Multiple Denial of
Service Vulnerabilities:
* VRT-2014-0205 - Pidgin Theme/Smiley Untar Arbitrary File Write
Vulnerability:
Outstanding stuff:
* SSL certificate chain validation issues
* "libpurple gadu-gadu issues" thread
What else is outstanding?
Are there additional bugs we need to fix or patches we should apply?
How about targeting 10/15 for the release? Can we get the outstanding stuff
done by then?
-D
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20141003/b77a7064/attachment.html>
More information about the security
mailing list