mxit libpurple protocol
Andrew Victor
andrew.victor at mxit.com
Sun Apr 17 18:50:28 EDT 2016
hi,
I committed patches for the following issues so far:
TALOS-CAN-0141 -- Validate mood
TALOS-CAN-0134 -- Table markup - g_strsplit
TALOS-CAN-0133 -- Table markup - missing required fields
TALOS-CAN-0128 -- Splash screen
TALOS-CAN-0118 -- Stage 3 read error
TALOS-CAN-0122 is a deficiency in way the the Mxit client protocol is
currently designed.
It affects all released versions of Mxit, on all platforms. Therefore this
issue cannot be "fixed" by making a libPurple/Pidgin change.
Regards,
Andrew Victor
On Fri, Apr 15, 2016 at 5:28 PM, Ethan Blanton <elb at pidgin.im> wrote:
> Andrew Victor spake unto us the following wisdom:
> > Great, I got it.
> >
> > How do we proceed?
> > I assume you don't want fixes for these pushed into the mercurial repo
> > right now.
>
> No! We'll have to do a coordinated release for this.
>
> I'm not 100% sure what our plan is going to be for private releases
> now that we're primarily managing repositories on bitbucket; we still
> have a private repo on hg.pidgin.im, but probably we're not going to
> use it. We'll have to discuss that.
>
> In the meantime, I would suggest committing one patch per directory in
> the repository I sent you, and dropping a note to security at pidgin.im.
> That lets us figure out process in parallel with getting the bugs
> fixed.
>
> This isn't our only pending security notification right now (although
> it's the worst), so I imagine we'll be pushing a 2.11 Soon. Changes
> to the 3.0 tree are (in my opinion) not as important, as "regular
> users" shouldn't be exposed to those bugs; let's get the 2.x.y tree
> fixed up, then port forward to 3.0 once there's a coordinated release.
>
> Ethan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160418/034f6d79/attachment.html>
More information about the security
mailing list