David Balažic spake unto us the following wisdom: > David Woolley wrote: > > Can you confirm that you mean 2.7.10? (I don't think this > > will be any > > better than 2.7.9, as it is only a security fix.) > > 2.7.10 is out? > It is a security fix? > Since sunday? > No announcement was made on the list? > Relese notification plugin does not see it as worth of mentioning? > Why do I even bother?
Don't get all of your information from support@, you'll often be sorely mistaken. 2.7.10 was released this past weekend. It *does* contain a security fix, but it's not one you should need to worry about. The bug it fixes is not remotely exploitable, cannot crash Pidgin, and does not divulge any information. It's just a cleanup which causes intermediate password computations used during login to be stored in memory for a shorter period of time. It also contains many other things, this release was *not* made for the security fix, and the release is *not* only a security fix. However, none of the fixes are particularly critical for most users. The release notification plugin will be updated soon. This release wasn't critical enough to warrant rushing out and plugging it right in. Someone who knows how to update that mechanism will take care of it in time. And ... I'm not sure why you do or don't bother with what. I didn't understand that comment. This really isn't a big deal. Ethan
signature.asc
Description: Digital signature
_______________________________________________ [email protected] mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
