SUSE has issued an advisory today (May 16): https://lists.suse.com/pipermail/sle-security-updates/2022-May/011017.html The issue is fixed upstream in 2.14.9.
Status comment: (none) => Fixed upstream in 2.14.9See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=29149
Equivalent openSUSE advisory: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCEWC62ZCIOYKJOQNJHI7R6EJHTSTZX/
Fixed in mga8: src: - pidgin-2.14.1-6.1.mga8
Assignee: smelror => qa-bugsStatus comment: Fixed upstream in 2.14.9 => (none)CC: (none) => mageia, smelror
pidgin-2.14.1-6.1.mga8 pidgin-plugins-2.14.1-6.1.mga8 libpurple0-2.14.1-6.1.mga8 libpurple-devel-2.14.1-6.1.mga8 pidgin-perl-2.14.1-6.1.mga8 finch-2.14.1-6.1.mga8 pidgin-client-2.14.1-6.1.mga8 pidgin-silc-2.14.1-6.1.mga8 pidgin-meanwhile-2.14.1-6.1.mga8 pidgin-bonjour-2.14.1-6.1.mga8 libfinch0-2.14.1-6.1.mga8 pidgin-tcl-2.14.1-6.1.mga8 pidgin-i18n-2.14.1-6.1.mga8 from pidgin-2.14.1-6.1.mga8.src.rpm
Fedora has issued an advisory for this today (May 19): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/56CQ66SQFAFDB2JPMOCRC2IJISJ4Y5FX/ Upstream has issued an advisory for this on April 28: https://pidgin.im/about/security/advisories/cve-2022-26491/
Severity: normal => major
MGA XFCE Updated with QA repo and rpms: lib64purple0 2.14.1 6.1.mga8 x86_64 pidgin 2.14.1 6.1.mga8 x86_64 pidgin-i18n 2.14.1 6.1.mga8 noarch pidgin-plugins 2.14.1 6.1.mga8 x86_64 Tested with IRC chat, ok for me.
CC: (none) => guillaume.royer
mga8-64 Plasma system. Installed pidgin, no issues. Once upon a time I had accounts with AIM and ICQ, but I've long since forgotten the necessary information to use them, if even they still exist. So, I also installed purple-facebook, and then successfully logged in to Facebook Messenger. Updated using qarepo, then re-ran pidgin, which automatically logged into Facebook Messenger again, showing which of my friends were available to chat. Looks OK here, too. Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OK
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0208.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED