On 04/01/12 17:04, Antoine Pitrou wrote:

Hello,

Not sure I'm missing something, but when there's a software upgrade
available (either in rpmdrake, or in the update manager), say today's
Pidgin:

         Version : 2.10.1-1.mga1
         Version actuellement installée : 2.10.0-1.1.mga1

the changelog doesn't display specifically the changes for that update:

        * dim. 11 déc. 2011 13:00:00 CET fwang<fwang>  2.10.1-1.mga1

         + Revision: 180554
         - new version 2.10.1
           fix CVE-2011-3594: UTF-8 validating incoming messages before
          passing them to glib or libpurple Fix a memory leak when
          admitting UTF-8 text with a non-UTF-8 primary encoding Fix
          crashes and memory leaks when receiving malformed voice and
          video requests
           + dmorgan<dmorgan>
             - New version 2.10.0

         * mar. 29 mars 2011 14:00:00 CEST dams<dams>  2.7.11-1.mga1
         [etc.]

How am I supposed to know what changed between 2.10.0-1.1.mga1 (the
installed version) and 2.10.1-1.mga1 (the proposed upgrade)? This
happens with many/most packages, btw, not just Pidgin.

(would be useful, wouldn't it? :-))

Thanks

Antoine.



There is a more detailed advisory written for each update but it currently isn't shown in MageiaUpdate.

You can subscribe to the Updates Announce mailing list

[email protected]

here

https://ml.mageia.org/wwsympa-wrapper.fcgi/info/updates-announce

Or maybe even join one of the teams and become involved in the updates process as it happens - recommended :D (QA Team)

An example from the updates-announce ML

---------------
This update addresses the following CVE:

- CVE-2011-3594: UTF-8 validating incoming messages before passing them
  to glib or libpurple


other fixes in this release:

- Fix a memory leak when admitting UTF-8 text with a non-UTF-8 primary encoding
- Fix crashes and memory leaks when receiving malformed voice and video requests


https://bugs.mageia.org/show_bug.cgi?id=3894
---------------------

Claire
