Date: Mon, 19 Mar 2012 10:26:43 +1100 From: Peter Jeremy <peterjeremy@acm.org> To: Joe Marcus Clarke <marcus@FreeBSD.org> Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/net-im/libpurple Makefile distinfo Message-ID: <20120318232643.GA17480@server.vk2pj.dyndns.org> In-Reply-To: <201203181700.q2IH0Zf5068751@repoman.freebsd.org> References: <201203181700.q2IH0Zf5068751@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--IJpNTDwzlM2Ie8A6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2012-Mar-18 17:00:35 +0000, Joe Marcus Clarke <marcus@FreeBSD.org> wrote: >marcus 2012-03-18 17:00:35 UTC > > FreeBSD ports repository > > Modified files: > net-im/libpurple Makefile distinfo=20 > Log: > Update to 2.10.2. See http://developer.pidgin.im/wiki/ChangeLog for a > list of changes in this release. Based on Mandriva security advisory MDVSA-2012:029, this appears to also fix CVE-2012-1178 (it's not clear to me whether the fix is in pidgin or libpurple). That advisory also lists CVE-2011-4939 that is fixed in pidgin 2.10.2 - do you have any plans to upgrade that port? (And a recent SANS @RISK also listed CVE-2012-1257 - which is fixed in libpurple/pidgin 2.10.1) These should probably all be listed in vuxml. --=20 Peter Jeremy --IJpNTDwzlM2Ie8A6 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk9mbzMACgkQ/opHv/APuIe1PwCePRko+Y4qJ1m4lVAkBkD4qcPx yqkAn0sZ0DGgsXPJZKDE1hYm1JlKmmd9 =ae+H -----END PGP SIGNATURE----- --IJpNTDwzlM2Ie8A6--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120318232643.GA17480>