On Fri, Jul 27, 2012 at 06:21:48AM -0400, Justin Ferguson wrote: > While, I personally, don't feel an advisory is warranted, it seems > like if at least a CVE is not obtained that the vendors themselves are > lackadaisical about upgrading their packages, as such and due to the > fact that the original posting was obscure, the following 'advisory' > is included. There is no further actionable information from the > viewpoint of the OTR developers, this is strictly for reference by > Mitre et al.
If packagers want to incorporate the fix into libotr 3.2.0 before the next release, they should pull from the 3.2_dev branch on git. (From tag release_3_2_0 to the 3.2_dev head.) http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr;a=log;h=refs/heads/3.2_dev Thanks, - Ian _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
