CVE-2008-2956 is the only remaining bug that hasn't been fixed upstream. It's not considered serious because of the reasons given earlier:
The other issue (CVE-2008-2956) can only be exploited, when the client is connecting to a server that either does not check for malformed XML or send them. Therefore, it could (under certain circumstances) be used to perform a DoS. On Sat, 2008-11-08 at 22:52 -0330, John Walsh wrote: > This seems like a fairly serious security bug to be left alone for > several months...is there anyone involved in maintaining pidgin working > on patching this? > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
