Some important fixes were released today: http://developer.pidgin.im/wiki/ChangeLog
Reproducible: Always
Steps to Reproduce:
There is no release yet. Please reopen as soon as something appears on the upstream website.
Reassigning to security, this will probably be a 2-step process.
A new version was just added to the tree. Arch teams, please stabilize.
* Failed Patch: pidgin-2.7.3-ldflags.patch !
* ( /usr/portage/net-im/pidgin/files/pidgin-2.7.3-ldflags.patch )

I suppose this was fixed upstream?

Excerpt from ChangeLog:
* Perl bindings now respect LDFLAGS. (Peter Volkov, Markos Chandras) (#12638)
(In reply to comment #4)
> * Failed Patch: pidgin-2.7.3-ldflags.patch !
> * ( /usr/portage/net-im/pidgin/files/pidgin-2.7.3-ldflags.patch )
>
> I suppose this was fixed upstream?
>
> Excerpt from ChangeLog:
> * Perl bindings now respect LDFLAGS. (Peter Volkov, Markos Chandras) (#12638)
>

I commented out this patch and it works OK for me on amd64.
x86 stable
alpha/ia64/sparc stable
ppc/ppc64 stable
amd64 done. Thanks Agostino
Stable for HPPA.
Thanks, everyone. GLSA Vote: no.
Vote: no, closing noglsa.
CVE-2011-4922 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4922): cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
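
The class of problem the CVE text describes (key bytes left behind in memory that is later freed or dumped) is normally handled by wiping key material before release. The following is an added example, not part of this bug thread and not libpurple's code; the `cipher_ctx` structure and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define KEY_MAX 32

/* Hypothetical cipher context; not libpurple's structure. */
struct cipher_ctx {
    unsigned char key[KEY_MAX];
    size_t key_len;
};

/* Wipe through a volatile pointer so the compiler cannot drop the
 * stores as dead writes, which it may do with memset() before free(). */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

struct cipher_ctx *ctx_new(void)
{
    return calloc(1, sizeof(struct cipher_ctx));
}

/* Returns 0 on success, -1 if the key does not fit. */
int ctx_set_key(struct cipher_ctx *ctx, const unsigned char *key, size_t len)
{
    if (len > KEY_MAX)
        return -1;
    secure_wipe(ctx->key, sizeof ctx->key);   /* drop any previous key */
    memcpy(ctx->key, key, len);
    ctx->key_len = len;
    return 0;
}

/* Clear key material while keeping the context reusable. */
void ctx_reset(struct cipher_ctx *ctx)
{
    secure_wipe(ctx->key, sizeof ctx->key);
    ctx->key_len = 0;
}

/* Wipe first, then free: freed heap memory otherwise keeps its old
 * contents and can appear in a core file. */
void ctx_destroy(struct cipher_ctx *ctx)
{
    if (!ctx)
        return;
    ctx_reset(ctx);
    free(ctx);
}
```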