mxit libpurple protocol

Andrew Victor andrew.victor at
Sun Apr 17 18:50:28 EDT 2016


I committed patches for the following issues so far:

TALOS-CAN-0141        -- Validate mood
TALOS-CAN-0134        -- Table markup - g_strsplit
TALOS-CAN-0133        -- Table markup - missing required fields
TALOS-CAN-0128        -- Splash screen
TALOS-CAN-0118        -- Stage 3 read error

TALOS-CAN-0122 is a deficiency in way the the Mxit client protocol is
currently designed.
It affects all released versions of Mxit, on all platforms.  Therefore this
issue cannot be "fixed" by making a libPurple/Pidgin change.

  Andrew Victor

On Fri, Apr 15, 2016 at 5:28 PM, Ethan Blanton <elb at> wrote:

> Andrew Victor spake unto us the following wisdom:
> > Great, I got it.
> >
> > How do we proceed?
> > I assume you don't want fixes for these pushed into the mercurial repo
> > right now.
> No!  We'll have to do a coordinated release for this.
> I'm not 100% sure what our plan is going to be for private releases
> now that we're primarily managing repositories on bitbucket; we still
> have a private repo on, but probably we're not going to
> use it.  We'll have to discuss that.
> In the meantime, I would suggest committing one patch per directory in
> the repository I sent you, and dropping a note to security at
> That lets us figure out process in parallel with getting the bugs
> fixed.
> This isn't our only pending security notification right now (although
> it's the worst), so I imagine we'll be pushing a 2.11 Soon.  Changes
> to the 3.0 tree are (in my opinion) not as important, as "regular
> users" shouldn't be exposed to those bugs; let's get the 2.x.y tree
> fixed up, then port forward to 3.0 once there's a coordinated release.
> Ethan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the security mailing list