Ubuntu
pidgin-otr package

CVE-2012-2369 - is it fixed in precise?!?

Asked by h1repp on 2012-09-29

pidgin-otr contained a long living severe security flaw: see CVE-2012-2369. In May, Debian immediately patched their version to 3.2.1 that closed this hole. Did Ubuntu backport this patch to the 3.2.0 LTS version, or are we expected to live with this remote execution vulnerablity for the next 3 years?

Question information

Language:: English Edit question

Status:: Answered

For:: Ubuntu pidgin-otr Edit question

Assignee:: No assignee Edit question

Last query:: 2012-09-29

Last reply:: 2012-09-29

Revision history for this message

Thomas Krüger (thkrueger) said on 2012-09-29:

#1

Yes, see the link below for details:
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/pidgin-otr/precise-security/revision/8

Revision history for this message

actionparsnip (andrew-woodhead666) said on 2012-09-29:

#2

Just because a package version isn't in the initial release of Ubuntu doesn't mean it cannot be updated later, think about it

Can you help with this problem?

Provide an answer of your own, or ask h1repp for more information if necessary.

To post a message you must log in.

Ask a question

Edit question

Subscribers