>From upstream: A patch for the file upload vulnerability can be found in 4be2df4f, 3d02401c, and c64a1adc [1, 2, & 3]. The fix itself is in [3], but depends on the first two to apply properly (and clean up memory correctly).
As a note, when backporting the patch to anything older than 2.6.0, the use of purple_strequal will need to be changed. I just requested a CVE. ~Paul [1] http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f [2] http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467 [3] http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
