ChangeLog: * General o Fix a crash when performing DNS queries on Unixes that use the blocking DNS lookups. (Brian Lu) * AIM and ICQ o Fix a crash when some clients send contacts in a format we don't understand. o Fix blocking and other privacy lists. (Thanks to AOL) Security Fix: (http://pidgin.im/news/security/?id=41) Title: ICQ and maybe AIM remote crash Summary: A remote user can cause libpurple-based clients to crash Description: A specially crafted message can trigger an incorrect memory access in the oscar protocol plugin which can lead to a crash. This happens when the SIM IM client attempts to send contacts to a libpurple user. Reproducible: Always
It has been bumped, moving over to security for security bug
Arches, please test and mark stable: =net-im/pidgin-2.6.2 Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Sorry, my tree wasn't new enough, so the tool got the wrong version. This is correct: Arches, please test and mark stable: =net-im/pidgin-2.6.3 Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Stable on alpha, dragging a few necessary stabilizations along.
Stable for HPPA.
x86 stable
net-libs/farsight2-0.0.15 was stabilized but it requires net-libs/libnice-0.0.9 and it is still ~x86
amd64 stable
CVE-2009-3615 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3615): The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.
ppc stable
*ping*
ppc64 done; i masked gstreamer use from pidgin which is what brought in farsight and subsequently libnice (which has a test failure).
ia64/sparc stable
GLSA vote: NO.
NO too, closing.
