[Slackbuilds-users] Concerning: [slackware-security] pidgin (SSA:2012-195-02)

Black Rider black_rider at esdebian.org
Sun Jul 15 10:49:52 UTC 2012


I keep an eye on the following sites to know of software
vulnerabilities:

http://web.nvd.nist.gov/view/vuln/search

http://packetstormsecurity.org/

There are times when vulnerabilities are not quickly addressed in SBo,
because it takes time to update/approve the new updates in the
repository. However, I must sincerely declare that I use over 50
SlackBuilded packages and they have rarely brought a meaningful security
hole to my system.

On Sat, 14 Jul 2012 14:48:31 -0700
"Bradley D. Thornton" <Bradley at NorthTech.US> wrote:
> On 07/14/2012 11:49 AM, Slackware Security Team wrote:
> > 
> > [slackware-security]  pidgin (SSA:2012-195-02)
> > 
> > New pidgin packages are available for Slackware 12.2, 13.0, 13.1,
> > 13.37, and -current to fix security issues.
> 
> Something that I had thought about bringing up in the past but always
> ended up not being addressed due to other 'things' I needed to do...
> 
> Anyway, I was taken aback for a second when I got the email above, but
> only for a second. I had to think to myself, "Is Pidgin Mainline
> Slack? Oh yeah, it is.", that's why I'm getting the alert.
> 
> But there are plenty of SBo's that we don't get any sort of security
> notification on, and while it is prudent to follow the security lists
> for any such app that you install, I think that with regards to SBo's
> most of us don't follow the upstream devs' security announcement lists.
> 
> Has there been any discussion on SBo providing links or any sort of
> distribution of security news or announcements for SBo's supported
> here?
> 
> IOW, once an SBo, say 'htop' goes mainline Slack, then security issues
> for that app are monitored by the Slackware team and we receive
> announcements via the Slackware Security list or via a tail of the
> Changelog.
> 
> So it may be a good thing if we had something like that here at SBo
> for announcements concerning SlackBuilds that are carried here.
> 
> Kindest regards,
> 
> 
> - -- 
> Bradley D. Thornton
> Manager Network Services
> NorthTech Computer
> TEL: +1.310.388.9469  (US)
> TEL: +44.203.318.2755 (UK)
> TEL: +41.43.508.05.10 (CH)
> http://NorthTech.US
> 



---------- 
My GPG keys are available in various keyservers. To retrieve the one
used for signing this message, use "gpg --keyserver hkp://keys.gnupg.net
--recv-keys 0x6D0B9F27" under GNU/Linux.

Windows raises the cost of your computer by up to 20%. Don't let them
pull your leg! Use free operating systems. See the websites of Knoppix,
Debian, Slackware...