FYI this is the patch that would have to be backported:
http://developer.pidgin.im/viewmtn/revision/info/18f2f94b625542348af0049e0132a83a1c58aef6
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.5) - use
Package: pidgin
Severity: grave
Tags: security patch
The following vulnerability had been reported against pidgin:
http://pidgin.im/news/security/?id=61
The patch can be found in the report.
Please use CVE-2012-1178 for this issue. Can you check if stable is also
affected?
Cheers,
luciano
It does appear that squeeze's libpurple0 is affected by this, though the
patch doesn't apply cleanly.
Technically, the possible crash is in the client code, and I don't think
pidgin or finch exhibit this behavior; the original bug was against
Adium for OS X, based on libpurple.
I don't think
4 matches
Mail list logo
