On 2012-Mar-18 17:00:35 +0000, Joe Marcus Clarke <mar...@freebsd.org> wrote: >marcus 2012-03-18 17:00:35 UTC > > FreeBSD ports repository > > Modified files: > net-im/libpurple Makefile distinfo > Log: > Update to 2.10.2. See http://developer.pidgin.im/wiki/ChangeLog for a > list of changes in this release.
Based on Mandriva security advisory MDVSA-2012:029, this appears to also fix CVE-2012-1178 (it's not clear to me whether the fix is in pidgin or libpurple). That advisory also lists CVE-2011-4939 that is fixed in pidgin 2.10.2 - do you have any plans to upgrade that port? (And a recent SANS @RISK also listed CVE-2012-1257 - which is fixed in libpurple/pidgin 2.10.1) These should probably all be listed in vuxml. -- Peter Jeremy
pgpcDj8auYRNm.pgp
Description: PGP signature
