Daniel Iliev wrote:
> Hi,
>
> Since I'm not familiar with Gentoo's practice in dealing with
> security problems I got curious about the following case.
> Yesterday a Secunia advisory [1] about pidgin was brought to my
> attention. The solution offered by the up-streams is upgrading to
> version 2.5.6, while the latest version in portage is "~2.5.5-r1".
>
> As I see it, there are three possibilities:
> 1) even older, the version in Gentoo is not affected, because the
> maintainers had taken care of it (too optimistic?)
> 2) Gentoo installations are still vulnerable to the bugs described in
> the advisory and nobody knows about it (quite disturbing)
> 3) Gentoo maintainers are working on it, but still not ready
>
> Which one is it?
>
>
> [1] [SA35194] http://secunia.com/advisories/35194/
>
>
>
It's in portage, sync your tree and check again. I just installed Pidgin
2.5.6 last night.