new version released. please bump http://developer.pidgin.im/wiki/ChangeLog Reproducible: Always
Fixed: * Fix a potential remote denial-of-service bug related to displaying buddy icons.
(In reply to comment #0) > new version released. please bump > Thank you for the report, tman.
New version is in the tree. Arch teams, please, test and stabilize. TIA.
It requires: =net-libs/libgadu-1.11.0, advise from maintainer?
I'm not a pidgin guru, but when I open: (18:49:22) pounce: Error reading pounces: Failed to open file '/home/ago/.purple/pounces.xml': No such file or directory (18:49:22) gtkutils: gdk_pixbuf_new_from_file() returned nothing for file /usr/share/icons/hicolor/scalable/apps/pidgin.svg: Couldn't recognize the image file format for file '/usr/share/icons/hicolor/scalable/apps/pidgin.svg' Are they expected? And from build log: /bin/sh ../../../libtool --silent --tag=CC --mode=compile x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../.. -I../../../libpurple -I../../../libpurple -DLIBDIR=\"/usr/lib64/purple-2\" -Wall -DPURPLE_DISABLE_DEPRECATED -DPIDGIN_DISABLE_DEPRECATED -DFINCH_DISABLE_DEPRECATED -DGNT_DISABLE_DEPRECATED -Waggregate-return -Wcast-align -Wdeclaration-after-statement -Wendif-labels -Werror-implicit-function-declaration -Wextra -Wno-sign-compare -Wno-unused-parameter -Wformat-security -Werror=format-security -Winit-self -Wmissing-declarations -Wmissing-noreturn -Wmissing-prototypes -Wpointer-arith -Wundef -Wp,-D_FORTIFY_SOURCE=2 -pthread -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/lib64/perl5/5.12.3/x86_64-linux-thread-multi/CORE -g -march=native -O2 -g0 -MT perl-handlers.lo -MD -MP -MF .deps/perl-handlers.Tpo -c -o perl-handlers.lo perl-handlers.c Can you drop -pipe and -g? TY
amd64: net-libs/libgadu-1.11.0 suffers from a test failure atm. Otherwise emerged and seem to work
I tested libgadu and pidgin on x86. All good here.
Stable for HPPA.
x86 stable. Thanks Andreas
amd64 stable
alpha/ia64/sparc stable
ppc64 done
ppc stable, last arch done
Thanks, folks. GLSA Vote: no.
Vote: YES. Added to pending GLSA request.
This issue was resolved and addressed in GLSA 201206-11 at http://security.gentoo.org/glsa/glsa-201206-11.xml by GLSA coordinator Stefan Behte (craig).