http://developer.pidgin.im/wiki/ChangeLog new release Reproducible: Always
Created attachment 265585 [details, diff] Remove startup-notification dep Pidgin uses gtk+ startup notification now: https://developer.pidgin.im/viewmtn/revision/info/dcc3c3a8e9e0b20c1df07ac43e93d6c3c1030c17
Thank you tman. New version is in the tree. Arch teams, please, stabilize.
amd64 ok
Tested on SPARC, works nicely with IRC. Could stabilise.
ppc/ppc64 stable
x86 stable
amd64 done. Thanks Agostino
Stable on alpha.
Stable for HPPA.
ia64/sparc stable
Thanks, folks. GLSA Vote: no.
CVE-2011-1091 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1091): libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.
CVE-2010-3711 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3711): libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support.
voting no too, and closing.