Daniel Iliev wrote:
> On Sat, 23 May 2009 09:23:27 -0400
> Saphirus Sage <saphirus...@gmail.com> wrote:
>
>
>> Daniel Iliev wrote:
>>
>>> Hi,
>>>
>>> Since I'm not familiar with Gentoo's practice in dealing with
>>> security problems I got curious about the following case.
>>> Yesterday a Secunia advisory [1] about pidgin was brought to my
>>> attention. The solution offered by the up-streams is upgrading to
>>> version 2.5.6, while the latest version in portage is "~2.5.5-r1".
>>>
>>> As I see it, there are three possibilities:
>>> 1) even older, the version in Gentoo is not affected, because the
>>> maintainers had taken care of it (too optimistic?)
>>> 2) Gentoo installations are still vulnerable to the bugs
>>> described in the advisory and nobody knows about it (quite
>>> disturbing) 3) Gentoo maintainers are working on it, but still not
>>> ready
>>>
>>> Which one is it?
>>>
>>>
>>> [1] [SA35194] http://secunia.com/advisories/35194/
>>>
>>>
>>>
>>>
>> It's in portage, sync your tree and check again. I just installed
>> Pidgin 2.5.6 last night.
>>
>>
>
> I guess the mirror I'm using is not up-to-date and they will get a
> report about it,
>
> Thanks!
>
>
I sync from rsync://rsync21.us.gentoo.org/gentoo-portage primarily due
to the fact that it's an unlimited-sync server.
