[liberationtech] Security Vulnerability in Pidgin-OTR (Please Upgrade)
Douglas Lucas
dal at douglaslucas.com
Thu May 17 11:03:05 PDT 2012
Hi everyone,
Just got this from Stephen M. Webb on behalf of ubuntudev team:
> To get pidgin-otr 3.2.1 into 11.10, you need to request a backport [1].
Be prepared to do some testing.
>
> [1] https://wiki.ubuntu.com/UbuntuBackports
And the pidgin-otr for Precise in Michael Zeltner's email below looks like
3.2.0-5.
Fun times.
Douglas
On Thu, May 17, 2012 at 12:53 PM, Douglas Lucas <dal at douglaslucas.com>wrote:
> Hi everyone,
>
> Maybe I'm blind, but that looks like 3.2.0-5, and not 3.2.1. Also, I'm
> using Ocelot.
>
> Douglas
>
> On Thu, May 17, 2012 at 11:33 AM, Michael Zeltner <m at niij.org> wrote:
>
>> Excerpts from Douglas Lucas's message of 2012-05-17 18:21:32 +0200:
>> > Ubuntu apt-get update/upgrade showed me a new package for pidgin-otr,
>> but
>> > not the vulnerability bugfix 3.2.1 (From terminal: "Preparing to replace
>> > pidgin-otr 3.2.0-5 (using
>> .../pidgin-otr_3.2.0-5ubuntu0.11.10.1_amd64.deb)
>> > ...")
>> >
>> > https://launchpad.net/ubuntu/+source/pidgin-otr/ now shows a pidgin-otr
>> > 3.2.1 upgrade for Quantal, but only 3.2.0-5 for Oneiric (uploaded 9
>> hours
>> > ago). The newest version should be 3.2.1, right?
>>
>> They've applied the patch that was included in the announcement:
>>
>> https://launchpad.net/ubuntu/+source/pidgin-otr/3.2.0-5ubuntu0.12.04.1
>>
>>
>> https://launchpadlibrarian.net/105340279/pidgin-otr_3.2.0-5_3.2.0-5ubuntu0.12.04.1.diff.gz
>>
>> You and the other Precise users should be fine.
>>
>> Best, Michael
>> --
>> http://niij.org/
>>
>> _______________________________________________
>> liberationtech mailing list
>> liberationtech at lists.stanford.edu
>>
>> Should you need to change your subscription options, please go to:
>>
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>> If you would like to receive a daily digest, click "yes" (once you click
>> above) next to "would you like to receive list mail batched in a daily
>> digest?"
>>
>> You will need the user name and password you receive from the list
>> moderator in monthly reminders. You may ask for a reminder here:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>> Should you need immediate assistance, please contact the list moderator.
>>
>> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120517/a0a92a0b/attachment.html>
More information about the liberationtech
mailing list