[Pidgin] #7130: The Pidgin project is distributing an outdated/insecure GTK+ runtime
Pidgin
trac at pidgin.im
Thu Sep 18 23:24:47 EDT 2008
#7130: The Pidgin project is distributing an outdated/insecure GTK+ runtime
---------------------------+------------------------------------------------
Reporter: aloishammer | Owner: datallah
Type: defect | Status: new
Milestone: | Component: winpidgin (gtk)
Version: 2.5.1 | Resolution:
Keywords: security gtk+ |
---------------------------+------------------------------------------------
Comment(by datallah):
There is no GTK+ 2.18 or 2.16
GTK+ 2.14 was only released a few days ago, but there are known
significant leaks on win32 and I don't think it is ready for us to use.
The glib vulnerabilities do not impact us, nor do any freetype issues, nor
does the more serious libpng issue. I'm reasonably sure that the tiff
issue isn't remotely exploitable as no protocols use tiff.
The other minor libpng issue will be addressed with the upgraded version.
If an updated libtiff is available by then, we will include that too.
As I mentioned earlier we're upgrading to GTK+ 2.12.12 with upgraded
libpng and freetype with the next release, I'll make a test installer
available before too long.
--
Ticket URL: <http://developer.pidgin.im/ticket/7130#comment:4>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list