Hi,

A few security issues were discovered in Pidgin recently (CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274).
Three of those affect specific protocols (mxit and sametime), and another one is about UPnP, which is disabled in Tails' Pidgin configuration by default.

The maintainer of Pidgin in Debian has no time to quickly issue a security update for stable right now, and at first glance the upstream patches don't trivially apply to stable's Pidgin.

Given our 0.17 release schedule, I think we should work around these issues in the easiest and quickest way. So, I propose we simply delete the shared libraries that implement mxit and sametime, the same way we do it for the msn support already.

Implemented in bugfix/disable-flawed-Pidgin-features, candidate for 0.17 => please review and merge into testing and devel.

If nobody has time to review and merge that until the time I build the final image tomorrow, then I guess I'll take the liberty to do it myself.

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
