mxit libpurple protocol
Ethan Blanton
elb at pidgin.im
Sun May 1 13:12:57 EDT 2016
Andrew Victor spake unto us the following wisdom:
> That is correct, the following are outstanding:
>
> TALOS-CAN-0119 -- HTTP Content-Length
> TALOS-CAN-0136 -- g_snprintf
> TALOS-CAN-0135 -- Avatar Chunk OOB
> TALOS-CAN-0138 -- Custom Resource Chunk OOB
> TALOS-CAN-0140 -- GetFile Chunk OOB
>
> I don't have an ETA for them yet - but an working on when I get time.
>
> What date did TALOS report them? ie, when is the 60 days?
April 14. But in order to meet the 60 days with coordinated release,
we'll have to have all of the fixes ready quite a bit in advance -- a
couple of weeks, anyway.
We can also ask for an extension, but I didn't get a clear answer on
how flexible they are about those 60 days.
We have one other security-related fix (not in mxit) we have to get
in, too, for which there is currently no patch.
Ethan
More information about the security
mailing list