On Samstag 23 Mai 2009, Daniel Iliev wrote: > Hi, > > Since I'm not familiar with Gentoo's practice in dealing with > security problems I got curious about the following case. > Yesterday a Secunia advisory [1] about pidgin was brought to my > attention. The solution offered by the up-streams is upgrading to > version 2.5.6, while the latest version in portage is "~2.5.5-r1". > > As I see it, there are three possibilities: > 1) even older, the version in Gentoo is not affected, because the > maintainers had taken care of it (too optimistic?) > 2) Gentoo installations are still vulnerable to the bugs described in > the advisory and nobody knows about it (quite disturbing) > 3) Gentoo maintainers are working on it, but still not ready > > Which one is it? > > > [1] [SA35194] http://secunia.com/advisories/35194/
subscribe to gentoo-announce read changelogs don't forget that it takes a while until all mirrors have that change.