I'm a dev on the Pidgin project and I just looked at the original diff from the CRISP advisory. I wasn't able to find a flaw in the libpurple source code. If someone can point out exactly how the leak happens, or provide a proof of concept XML file that demonstrates the leak, I'll gladly look at it again. Until then I vote for closing this as invalid.
--Mark -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
