fixes two vulnerabilities announcement: http://pidgin.im/pipermail/devel/2012-May/010756.html
Manuel, thanks for reporting this. secunia advisory: https://secunia.com/advisories/49036/
+*pidgin-2.10.4 (28 May 2012) + + 28 May 2012; Julian Ospald <hasufell@gentoo.org> + -files/port-to-farstream-v5.patch, -pidgin-2.10.3-r100.ebuild, + +pidgin-2.10.4.ebuild: + version bump with Chainsaw wrt security bug #415393, rm deprecated -r100 Is that severe enough to remove the previous versions?
(In reply to comment #2) > Is that severe enough to remove the previous versions? All packages with issues should be removed. First, we'd need to stabilize the fixed version though. Do you have any reason not to call arches here?
fixed in 2.10.4 http://www.pidgin.im/news/security/?id=62 http://www.pidgin.im/news/security/?id=63 Arch teams, please test and mark stable: =net-im/pidgin-2.10.4 Target KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86"
amd64: pass Note: repoman complains.
Stable for HPPA.
x86 stable
amd64 stable
alpha/ia64/sparc stable
ppc64 done
ppc done
old versions dropped + 08 Jun 2012; Julian Ospald <hasufell@gentoo.org> + -files/pidgin-2.10.0-networkmanager-0.9.patch, + -files/pidgin-2.10.0-utf8-validation.patch, -pidgin-2.10.1.ebuild, + -pidgin-2.10.3.ebuild: + drop vulnerable versions wrt bug #415393, remove obsolete patches
Thanks, folks. GLSA Vote: no.
GLSA vote: no, client-side DoS. Closing noglsa.