From owner-cvs-ports@FreeBSD.ORG Sun Mar 18 23:26:53 2012 Return-Path: Delivered-To: cvs-ports@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9F4FF1065673; Sun, 18 Mar 2012 23:26:53 +0000 (UTC) (envelope-from peterjeremy@acm.org) Received: from mail16.syd.optusnet.com.au (mail16.syd.optusnet.com.au [211.29.132.197]) by mx1.freebsd.org (Postfix) with ESMTP id 2DC378FC08; Sun, 18 Mar 2012 23:26:52 +0000 (UTC) Received: from server.vk2pj.dyndns.org (c220-239-116-103.belrs4.nsw.optusnet.com.au [220.239.116.103]) by mail16.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id q2INQiof026682 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 19 Mar 2012 10:26:45 +1100 X-Bogosity: Ham, spamicity=0.000000 Received: from server.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by server.vk2pj.dyndns.org (8.14.5/8.14.4) with ESMTP id q2INQh6V017591; Mon, 19 Mar 2012 10:26:43 +1100 (EST) (envelope-from peter@server.vk2pj.dyndns.org) Received: (from peter@localhost) by server.vk2pj.dyndns.org (8.14.5/8.14.4/Submit) id q2INQhIr017590; Mon, 19 Mar 2012 10:26:43 +1100 (EST) (envelope-from peter) Date: Mon, 19 Mar 2012 10:26:43 +1100 From: Peter Jeremy To: Joe Marcus Clarke Message-ID: <20120318232643.GA17480@server.vk2pj.dyndns.org> References: <201203181700.q2IH0Zf5068751@repoman.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="IJpNTDwzlM2Ie8A6" Content-Disposition: inline In-Reply-To: <201203181700.q2IH0Zf5068751@repoman.freebsd.org> X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.21 (2010-09-15) Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/net-im/libpurple Makefile distinfo X-BeenThere: cvs-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Mar 2012 23:26:53 -0000 --IJpNTDwzlM2Ie8A6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2012-Mar-18 17:00:35 +0000, Joe Marcus Clarke wrote: >marcus 2012-03-18 17:00:35 UTC > > FreeBSD ports repository > > Modified files: > net-im/libpurple Makefile distinfo=20 > Log: > Update to 2.10.2. See http://developer.pidgin.im/wiki/ChangeLog for a > list of changes in this release. Based on Mandriva security advisory MDVSA-2012:029, this appears to also fix CVE-2012-1178 (it's not clear to me whether the fix is in pidgin or libpurple). That advisory also lists CVE-2011-4939 that is fixed in pidgin 2.10.2 - do you have any plans to upgrade that port? (And a recent SANS @RISK also listed CVE-2012-1257 - which is fixed in libpurple/pidgin 2.10.1) These should probably all be listed in vuxml. --=20 Peter Jeremy --IJpNTDwzlM2Ie8A6 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk9mbzMACgkQ/opHv/APuIe1PwCePRko+Y4qJ1m4lVAkBkD4qcPx yqkAn0sZ0DGgsXPJZKDE1hYm1JlKmmd9 =ae+H -----END PGP SIGNATURE----- --IJpNTDwzlM2Ie8A6--