Getting Pidgin 2.10.10 out the door
daniel.atallah at gmail.com
Fri Oct 3 11:05:46 EDT 2014
We've been sitting on some vulnerabilities for quite a long time - it's
time for a release.
Here are the things that are committed and I think need CVEs for:
* VRT-2014-0203 - Pidgin libpurple Mxit Emoticon ASN Length Denial of
* VRT-2014-0205 - Pidgin libpurple Novell Protocol Multiple Denial of
* VRT-2014-0205 - Pidgin Theme/Smiley Untar Arbitrary File Write
* SSL certificate chain validation issues
* "libpurple gadu-gadu issues" thread
What else is outstanding?
Are there additional bugs we need to fix or patches we should apply?
How about targeting 10/15 for the release? Can we get the outstanding stuff
done by then?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security