SUSE-SU-2026:2967-1: moderate: Security update for libgnt, meson, pidgin

SLE-UPDATES null at suse.de
Tue Jul 14 16:39:58 UTC 2026


# Security update for libgnt, meson, pidgin

Announcement ID: SUSE-SU-2026:2967-1  
Release Date: 2026-07-14T11:11:18Z  
Rating: moderate  
References:

  * bsc#1057701
  * bsc#1062785
  * bsc#1068818
  * bsc#1125736
  * bsc#1184786
  * bsc#1191780
  * bsc#1260058
  * jsc#SLE-21105

  
Cross-References:

  * CVE-2019-25544

  
CVSS scores:

  * CVE-2019-25544 ( SUSE ):  6.9
    CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2019-25544 ( SUSE ):  6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2019-25544 ( NVD ):  6.9
    CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2019-25544 ( NVD ):  6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2019-25544 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

  
Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server 12 SP5 LTSS
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

  
  
An update that solves one vulnerability, contains one feature and has six
security fixes can now be installed.

## Description:

This update for libgnt, meson, pidgin fixes the following issues

Security issue:

  * CVE-2019-25544: denial of service vulnerability that allows local attackers
    to crash the application by providing an excessively long username string
    during account creation (bsc#1260058).

Non security issues:

Changes for meson:

  * Update to version 0.46.0.

  * Require python2-devel for the testsuite (bsc#1125736)

  * Update to version 0.45.0:

  * Config-Tool based dependencies can be specified in a cross file.

  * Visual Studio C# compiler support.
  * Removed two deprecated features:
  * Generator outputs can preserve directory structure.
  * Hexadecimal string literals.
  * install_data()`defaults to``.}/{projectname
  * install_subdir() supports strip_directory.
  * Integer options.
  * New method meson.project_license().
  * Rust cross-compilation.
  * Rust compiler-private library disambiguation.
  * Project templates.
  * Improve test setup selection.
  * Yielding subproject option to superproject.

  * Update to version 0.44.1:

  * Support running out-of-tree tests against a meson in PATH.
  * Don't add rpaths to system libraries.
  * Fix meson location detection from other meson tools.
  * Various boost, pkg-config and vala related fixes.

  * Update to version 0.44.0:

  * New features:

  * Added warning function.
  * Adds support for additional Qt5-Module keyword moc_extra_arguments.
  * Prefix-dependent defaults for sysconfdir, localstatedir and sharedstatedir.
  * An array type for user options.
  * LLVM dependency supports both dynamic and static linking.
  * Added if_found to subdir.
  * get_unquoted() method for the configuration data object.
  * Added disabler object.
  * Config-Tool based dependencies gained a method to get arbitrary options.
  * Disable tests for static llvm: we don't ship the static libs.
  * Add cmake(Qt5LinguistTools), libwmf-devel BuildRequires and zlib-devel-
    static: new dependencies for various tests.

  * Require python3-xml: mesonbuild/modules/qt5.py imports the xml module
    (bsc#1068818).

  * Update to version 0.43.0:

  * Generator learned capture: Generators can now be configured to capture the
    standard output.

  * Can index CustomTarget objects: The CustomTarget object can now be indexed
    like an array. The resulting object can be used as a source file for other
    Targets, this will create a dependency on the original CustomTarget, but
    will only insert the generated file corresponding to the index value of the
    CustomTarget's output keyword.
  * The cross file can now be used for overriding the result of find_program.
    Then issuing the command find_program('objdump') will return the version
    specified in the cross file.
  * Easier handling of supported compiler arguments.
  * Better support for shared libraries in non-system paths: This release adds
    feature parity to shared libraries that are either in non-standard system
    paths or shipped as part of your project. On systems that support rpath,
    Meson automatically adds rpath entries to built targets using manually found
    external libraries.
  * The Wrap dependency system now supports Subversion (svn). This support is
    rudimentary. The repository url has to point to a specific (sub)directory
    containing the meson.build file (typically trunk/). However, providing a
    revision is supported.

  * Don't use obsolete boost-devel for openSUSE Leap 15.0 and newer
    (bsc#1062785).

  * Update to version 0.42.1.

  * Tumbleweed meson 0.42.0-1.1fails for clang++ projects (bsc#1057701).

  * Update to version 0.42.0:

  * Distribution tarballs from Mercurial repositories. Creating distribution
    tarballs can now be made out of projects based on Mercurial. As before, this
    remains possible only with the Ninja backend.
  * Keyword argument verification. Meson will now check the keyword arguments
    used when calling any function and print a warning if any of the keyword
    arguments is not known. In the future this will become a hard error.
  * Add support for Genie to Vala compiler. The Vala compiler has an alternative
    syntax, Genie, that uses the .gs file extension. Meson now recognises and
    uses Genie files.
  * Pkgconfig support for additional cflags. The Pkgconfig module object can add
    arbitrary extra cflags to the Cflags value in the .pc file, using the
    "extra_cflags" keyword.
  * Base options accessible via get_option(). Base options are now accessible
    via the get_option() function.
  * Allow crate type configuration for Rust compiler. Rust targets now take an
    optional rust_crate_type keyword, allowing you to set the crate type of the
    resulting artifact. Valid crate types are dylib or cdylib for shared
    libraries, and rlib or staticlib for static libraries. For more, see Rust's
    linkage reference.
  * Simultaneous use of Address- and Undefined Behavior Sanitizers. Both the
    address- and undefined behavior sanitizers can now be used simultaneously by
    passing -Db_sanitize=address,undefined to Meson.
  * Unstable SIMD module. A new experimental module to compile code with many
    different SIMD instruction sets and selecting the best one at runtime. This
    module is unstable, meaning it's API is subject to change in later releases.
    It might also be removed altogether.
  * Import libraries for executables on Windows. The new keyword implib to
    executable() allows generation of an import library for the executable.
  * Added build_rpath keyword argument. You can specify build_rpath: '/foo/bar'
    in build targets and the given path will get added to the target's rpath in
    the build tree. It is removed during the install step.
  * Meson will print a warning when the user tries to add an rpath linker flag
    manually, e.g. via link_args to a target. This is not recommended because
    having multiple rpath causes them to stomp on each other. This warning will
    become a hard error in some future release.
  * Vulkan dependency module. Vulkan can now be used as native dependency. The
    dependency module will detect the VULKAN_SDK environment variable or
    otherwise try to receive the vulkan library and header via pkgconfig or from
    the system.
  * Limiting the maximum number of linker processes. With the Ninja backend it
    is now possible to limit the maximum number of concurrent linker processes.
    This is usually only needed for projects that have many large link steps
    that cause the system to run out of memory if they are run in parallel. This
    limit can be set with the new backend_max_links option.
  * Disable implicit include directories. By default Meson adds the current
    source and build directories to the header search path. On some rare
    occasions this is not desired. Setting the implicit_include_directories
    keyword argument to false these directories are not used.
  * Support for MPI dependency. MPI is now supported as a dependency. Because
    dependencies are language-specific, you must specify the requested language
    with the language keyword, i.e., dependency('mpi', language='c') will
    request the C MPI headers and libraries. See the MPI dependency for more
    information.
  * Allow excluding files or directories from install_subdir. The install_subdir
    command accepts the new exclude_files and exclude_directories keyword
    arguments that allow specified files or directories to be excluded from the
    installed subdirectory.
  * Make all Meson functionality invokable via the main executable. Previously
    Meson had multiple executables such as mesonintrospect and mesontest. They
    are now invokable via the main Meson executable like this: meson configure
    <arguments> # equivalent to mesonconf <options> meson test <arguments> #
    equivalent to mesontest <arguments> The old commands are still available but
    they are deprecated and will be removed in some future release.
  * Pcap dependency detector. Meson will automatically obtain dependency
    information for pcap using the pcap-config tool. It is used like any other
    dependency.
  * GNOME module mkenums_simple() addition. Most libraries and applications use
    the same standard templates for glib-mkenums. There is now a new
    mkenums_simple() convenience method that passes those default templates to
    glib-mkenums and allows some tweaks such as optional function decorators or
    leading underscores.

  * Update to version 0.41.2:

  * Various gtkdoc fixes.

  * Fix how rpath directories are handled.
  * pkgconfig: avoid appending slash at Cflags.
  * Fix a missing path issue causing Python traceback.
  * Qt4 support.
  * Skip handling non-available dependencies.
  * vala: Only add --use-header for unity builds regression.
  * Tag functions in asm properly.

  * Update to version 0.41.1:

  * wxwidgets: Fix usage of multiple dependency() calls.
  * Make external library no-op when used with incompatible target
    (gh#mesonbuild/meson#1941).
  * Failing test for -D dedupping.
  * Preserve standalone -D arguments always.
  * Handle both pkg-config and pkgconf argument order
    (gh#mesonbuild/meson#1934).

  * Update to version 0.41.0:

  * Native support for linking against LLVM using the dependency function.
  * Pkgconfig support for custom variables.
  * A target for creating tarballs using 'ninja dist'.
  * Support for passing arguments to Rust compiler.
  * All known issues regarding reproducible builds are fixed.
  * Extended template substitution in configure_file for @BASENAME@ and
    @PLAINNAME@ .
  * Support for capturing stdout of a command in configure_file.

  * Update to version 0.40.1:

  * Outputs of generators can be used in custom targets in the VS

  * Visual Studio 2017 support.
  * Automatic initialization of subprojects that are git submodules.
  * No download mode for wraps.
  * Overriding options per target.
  * Compiler object get define.
  * Cygwin support.
  * Multiple install directories.
  * Can specify method of obtaining dependencies.
  * Link whole contents of static libraries.
  * Unity builds only for subprojects.
  * Running mesonintrospect from scripts.

  * Update to version 0.39.1:

  * Allow specifying extra arguments for tests.

  * Bug fixes and minor polishes.

  * Update to version 0.38.1:

  * New Uninstall target.

  * Support for arbitrary test setups.
  * Intel C/C++ compiler support.
  * Get values from configuration data objects.
  * Python 3 module support simplified.
  * Default options to subprojects.
  * Set targets to be built (or not) by default.
  * Add option to mesonconf to wipe cached data.
  * Can specify file permissions and owner when installing data.
  * has_header() checks are now faster.
  * Array indexing now supports fallback values.
  * Silent mode for Mesontest.

  * Update to version 0.37.1.

  * Update to version 0.37.0:

  * Mesontest: a new testing tool that allows you to run your tests in many
    different ways.

  * New shared_module function allows shared modules creation.
  * GNOME module now detects required programs and prints useful errors if any
    are missing.
  * GNOME module uses depfile support available in GLib >= 2.52.0.
  * i18n module has a new merge_file() function for creating translated files.
  * LLVM IR compilation is now supported.
  * .wrap files for subprojects can now include a separate push URL to allow
    developers to push changes directly from a subproject git checkout.
  * Multiple version restrictions while searching for pkg-config dependencies is
    now supported.
  * Support for localstatedir has been added.
  * You can now pass arguments to install scripts added with
    meson.add_install_script().
  * Added new options sbindir and infodir that can be used for installation.

  * Update to version 0.36.0:

  * Add option to run under gdb.
  * Always specify installed data with a File object (gh#mesonbuild/meson#858).
  * Made has_function survive optimization flags (gh#mesonbuild/meson#1053).
  * Can give many alternative names to find_program to simplify searching.
  * Can set compiler arguments in Java.

  * Changes from version 0.34.0:

  * Correctly install .typelib files to libdir.

  * Add option for as-needed link option.
  * Print the CFLAGS/LDFLAGS/etc inherited from the environment.
  * Only append compile flags to the link flags when appropriate.

  * Update to version 0.32.0.

  * Update to version 0.31.0.

  * Update to 0.29.0.

  * Update to 0.28.0.

  * Update to 0.27.0.

  * Update to 0.26.0.

Changes for libgnt:

  * update to 2.14.3:

  * Added an option to disable python2 support.

  * Add an option to disable building the docs.
  * Fix a SEGFAULT in gnt_combo_box_get_dropdown.
  * Fix an invalid read/write when hiding widgets
  * Look for python-2.7.pc as well as python2.pc
  * Bump the minimum meson version from 0.37.0 to 0.41.0
  * Fix a buffer size in gntwm.c

Changes for pidgin:

  * Update to version 2.14.8:

  * Fix a regression in purple_str_to_time

  * Update to version 2.14.7:

  * Fix leak in purple_markup_find_tag on error

  * Fix an assert in purple_markup_html_to_xhtml
  * Correctly free parse tags at end of purple_html_to_xhtml
  * Fix leak that may occur when xmlnode_from_str fails
  * Port purple_str_to_time to use a regular expressions

  * Update to version 2.14.6:

  * Update references to point to our current websites.

  * Add a donate link to the help menu. Finch:
  * Check pkg-config for ncurses before looking for it manually. Pidgin:
  * Replace newlines in topics with spaces. libpurple:
  * Added support for the no_proxy environment variable.
  * Added infrastructure for fuzzing as well as some initial fuzzers.
  * Fix an out of bounds write in purple_markup_linkify. XMPP:
  * Enable session management after binding a resource. Zephyr:
  * Fix a clang logical-not-parentheses warning.

  * Update to version 2.14.5:

  * static code analysis fixes

  * Disable UPnP and NAT-PMP by default for new user
  * IRC: Change the default server to irc.libera.chat

  * Update to version 2.14.4:

  * Use LT_LIB_M to find the math library. This should simplify things for
    various distros including the BSD's. (RR #608) (and, Justin Lechner)

  * Update purple-remote and purple-url-handler to have a Python 3 shebang.
  * Install our AppData file into the $prefix/share/metainfo. Windows-Specific
    Changes:
  * Output pkg-config files so that our Windows builds can be seen by meson.
    Grim owes a blog post on how this works.
  * Update the debug symbols download in the installer to the inetc plugin.
  * Make sure the uninstaller removes all files that we install.
  * Removed the AIM protocol plugin. AIM has been shut down since December 15th
    of 2017. We left it around because of a third party server, but our plugin
    no longer works with it. (RR #598) (Gary Kramlich)
  * Standardize on wprintf in pidgin/win32/winpidgin.c
  * Use the inetc nsis plugin that supports https
  * If building under msys2 copy libgcc_s_dw2-1.dll and libwinpthread to the
    install directory. (RR #593) (PIDGIN-17511) (Gary Kramlich)
  * Fix a build issue when compiling with gstreamer but without voice and video.
  * Enable cyrus-sasl by default.
  * Fix an issue with opening link in Firefox.
  * Fix a regression from 2.14.0 where extra whitespace would be displayed when
    pasting <p> elements from HTML.
  * Require Python 3 for generating the D-Bus bindings.
  * Fix an issue where pasting <hr>'s and other HTML elements would eventually
    lead to a crash.

  * Update to version 2.14.1:

  * Fix an issue that caused the Mercurial revision in the About box to be
    "unknown".

  * Update to version 2.14.0:

General: \+ Fixed a memory leak in search results (pidgin.im#17292). \+ Support
SNI with GnuTLS (pidgin.im#17300 tiagosalem). \+ Add additional error handling
to NSS and GnuTLS. \+ libpurple: \+ Add invisible buddy support to support
presence/name/photos for non-buddies (pidgin.im#17295). \+ Make purple-remote
compatible with both Python 2 and Python 3. \+ Fix some leaky deprecation
warnings. \+ Fix HTML logs which were writing invalid HTML (pidgin.im#17280). \+
Fix use after free in purple_smiley_set_data_impl. \+ Added the chat_send_file
ability to protocol plugins. Pidgin: \+ Treat <p> tags as line breaks when
pasting. \+ Reverted pidgin.im#17232. It caused more harm than good. Bonjour: \+
Always use port fallback for IPv4 addresses. \+ XMPP: \+ Support for XEP-0198
Stream Management. \+ Decrease delay for file transfer using streamhosts. \+
Voice & Video: \+ Improve webcam failure handling. \+ Show error when creating
media pipeline fails. \+ Clip audio level reporting (pidgin.im#14426). \+ Keep
track of devices managed by GstDeviceMonitor. \+ Ignore PulseAudio monitors. \+
Backport native Voice & Video prefs from 3.0. \+ Fix building against GStreamer
0.10. \+ Fix initial delay on incoming audio. \+ Properly cleanup timeouts. \+
Add an audio mixer so mixed sources don't cause a pipe failure. \+ Add screen
share support for Wayland via XDP Portal. \+ Handle unplug and replug events of
selected media device.

  * Update to version 2.13.0:

  * Unified string comparison.

  * Properlly shell escape URI's when opening them.
  * Fix a one byte buffer overread in function purple_markup_linkify.
  * Fix an issue were utf8 was incorrectly truncated which could lead to crashes
    as we were potentially feeding garbage into glib/gtk. libgnt:
  * Partially fix building against curses 6.0 with opaque structs set
    (pidgin.im#16764).
  * Fix a crash when resizing the window (pidgin.im#16680).
  * Fix a bashism in autotools (pidgin.im#16836).
  * Show XEP-0066 OOB URLs in any message, not just headlines.
  * Fix a user after free (pidgin.im#17200).
  * Remove pipelining from BOSH connections (pidgin.im#17025).
  * Don't try to TLS already secured BOSH connections (pidgin.im#17270). IRC:
  * Fix "Registration timeout" on SASL auth with InspIRCd servers (and possibly
    others not based on charybdis/ratbox/ircd-seven).
  * Fix issues with plugins that modify outgoing messages (such as the custom
    PART/QUIT feature of the IRC More plugin).
  * Fix IRC buffer handling (pidgin.im#12562).
  * Properly handle AUTHENTICATE as a normal command with server prefix.
  * Fix a crash caused by a use after free of the MOTD.
  * Fix an out of bounds read in irc_nick_skip_mode.
  * Fix a write of a single byte before the start of a buffer in irc_parse_ctcp.
  * Better support for dark themes (pidgin.im#12572).
  * Fix IPv6 links by not escaping []'s. (pidgin.im#16391).
  * Only write buddy icons to the cache if they're not already cached.
  * Rejoin persistent chats after reconnect (pidgin.im#15687).
  * Make the WIN32 Transparency plugin work on all platforms (pidgin.im#3124).
  * Ensure search results buttons are labelled.
  * Fix matching unicode emoticons (pidgin.im#17232).
  * Correctly update mute/unmute status when the remote side mutes/unmutes us
    (pidgin.im#17273).
  * Rework the status icon blinking to not use deprecated API (pidgin.im#17174).
  * Do not allow adding a buddy to protocols that don't have an add_buddy
    callback.
  * Finch:
  * Fix handling of search results (pidgin.im#17238).
  * Port backend-fs to newer api for farstream relay-info property
    (pidgin.im#17274).

  * Add purple-import-empathy Recommends for SLE15 (FATE#322984).

  * Remove obsolete translation-update-upstream support (jsc#SLE-21105).
  * Extract libpurple.so._and libpurple-client.so._ to own packages
    (bsc#1191780).
  * don't package directories owned by filesystem rpm (bsc#1184786)
  * Drop support for openSUSE older than Leap 15.0.
  * No longer recommend -lang: supplements are in use
  * Drop pkgconfig(NetworkManager) BuildRequires and Requires: this legacy
    symbol is no longer maintained and pidgin is not yet ready to move to libnm.
    As a side-effect, we no longer depend on NM for all situations, even if the
    system were to run wicked.
  * Replace --enable-nm configure parameter with --disable-nm.
  * Instead of removing the libjabber.so, liboscar.so symlinks, move them to the
    devel package.
  * Export PYTHON=python3 in %build.
  * Adjust scripts to invoke python3, not python2.
  * Drop support for SLE 11 and openSUSE older than 42.x.
  * Correct the licence to GPL-2.0.
  * Explicitly require python2
  * Drop dependency over silc-toolkit-devel as we want to remove it from the
    distribution

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 12 SP5 LTSS  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2967=1

  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2967=1

## Package List:

  * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * farstream-devel-0.2.8-5.2.4
    * libnice-debugsource-0.1.13-7.2.3
    * libfarstream-0_2-5-0.2.8-5.2.4
    * libgnt-devel-2.14.3-4.3.8
    * gstreamer-plugins-farstream-0.2.8-5.2.4
    * libgupnp-1_0-4-0.20.18-8.5.2
    * libpurple-debuginfo-2.14.8-3.9.3
    * libpurple-client0-debuginfo-2.14.8-3.9.3
    * libnice-devel-0.1.13-7.2.3
    * libgupnp-devel-0.20.18-8.5.2
    * libpurple-tcl-debuginfo-2.14.8-3.9.3
    * libgnt-debugsource-2.14.3-4.3.8
    * gssdp-debugsource-0.14.16-7.2.1
    * finch-devel-2.14.8-3.9.3
    * libnice-debuginfo-0.1.13-7.2.3
    * libgupnp-igd-devel-0.2.4-6.2.2
    * libgssdp-1_0-3-debuginfo-0.14.16-7.2.1
    * farstream-debugsource-0.2.8-5.2.4
    * typelib-1_0-Farstream-0_2-0.2.8-5.2.4
    * libgupnp-1_0-4-debuginfo-0.20.18-8.5.2
    * finch-debuginfo-2.14.8-3.9.3
    * libpurple0-2.14.8-3.9.3
    * finch-2.14.8-3.9.3
    * gupnp-debugsource-0.20.18-8.5.2
    * libpurple-client0-2.14.8-3.9.3
    * typelib-1_0-GUPnPIgd-1_0-0.2.4-6.2.2
    * libpurple-2.14.8-3.9.3
    * libpurple-tcl-2.14.8-3.9.3
    * libnice10-0.1.13-7.2.3
    * libgnt0-2.14.3-4.3.8
    * libgnt-devel-debuginfo-2.14.3-4.3.8
    * libpurple-devel-2.14.8-3.9.3
    * libgssdp-1_0-3-0.14.16-7.2.1
    * typelib-1_0-GUPnP-1_0-0.20.18-8.5.2
    * libgnt0-debuginfo-2.14.3-4.3.8
    * libgssdp-devel-0.14.16-7.2.1
    * libpurple0-debuginfo-2.14.8-3.9.3
    * typelib-1_0-GSSDP-1_0-0.14.16-7.2.1
    * libgupnp-igd-1_0-4-0.2.4-6.2.2
    * libfarstream-0_2-5-debuginfo-0.2.8-5.2.4
    * libgupnp-igd-1_0-4-debuginfo-0.2.4-6.2.2
    * libnice10-debuginfo-0.1.13-7.2.3
    * pidgin-devel-2.14.8-3.9.3
  * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
    * libpurple-lang-2.14.8-3.9.3
    * libpurple-branding-upstream-2.14.8-3.9.3
    * farstream-data-0.2.8-5.2.4
  * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
    * libgnt0-32bit-2.14.3-4.3.8
    * libgnt0-debuginfo-32bit-2.14.3-4.3.8
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * farstream-devel-0.2.8-5.2.4
    * libnice-debugsource-0.1.13-7.2.3
    * libfarstream-0_2-5-0.2.8-5.2.4
    * libpurple-debuginfo-2.14.8-3.9.3
    * gstreamer-plugins-farstream-0.2.8-5.2.4
    * libgupnp-1_0-4-0.20.18-8.5.2
    * libgnt-devel-2.14.3-4.3.8
    * libpurple-client0-debuginfo-2.14.8-3.9.3
    * libnice-devel-0.1.13-7.2.3
    * libgupnp-devel-0.20.18-8.5.2
    * libpurple-tcl-debuginfo-2.14.8-3.9.3
    * libgnt-debugsource-2.14.3-4.3.8
    * gssdp-debugsource-0.14.16-7.2.1
    * finch-devel-2.14.8-3.9.3
    * libnice-debuginfo-0.1.13-7.2.3
    * libgupnp-igd-devel-0.2.4-6.2.2
    * libgssdp-1_0-3-debuginfo-0.14.16-7.2.1
    * farstream-debugsource-0.2.8-5.2.4
    * typelib-1_0-Farstream-0_2-0.2.8-5.2.4
    * libgupnp-1_0-4-debuginfo-0.20.18-8.5.2
    * finch-debuginfo-2.14.8-3.9.3
    * libpurple0-2.14.8-3.9.3
    * finch-2.14.8-3.9.3
    * gupnp-debugsource-0.20.18-8.5.2
    * libpurple-client0-2.14.8-3.9.3
    * typelib-1_0-GUPnPIgd-1_0-0.2.4-6.2.2
    * libpurple-tcl-2.14.8-3.9.3
    * libpurple-2.14.8-3.9.3
    * libnice10-0.1.13-7.2.3
    * libgnt0-2.14.3-4.3.8
    * libgnt-devel-debuginfo-2.14.3-4.3.8
    * libpurple-devel-2.14.8-3.9.3
    * libgssdp-1_0-3-0.14.16-7.2.1
    * typelib-1_0-GUPnP-1_0-0.20.18-8.5.2
    * libgssdp-devel-0.14.16-7.2.1
    * libpurple0-debuginfo-2.14.8-3.9.3
    * libgnt0-debuginfo-2.14.3-4.3.8
    * typelib-1_0-GSSDP-1_0-0.14.16-7.2.1
    * libgupnp-igd-1_0-4-0.2.4-6.2.2
    * libfarstream-0_2-5-debuginfo-0.2.8-5.2.4
    * libgnt0-32bit-2.14.3-4.3.8
    * libgupnp-igd-1_0-4-debuginfo-0.2.4-6.2.2
    * libnice10-debuginfo-0.1.13-7.2.3
    * pidgin-devel-2.14.8-3.9.3
    * libgnt0-debuginfo-32bit-2.14.3-4.3.8
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
    * libpurple-lang-2.14.8-3.9.3
    * libpurple-branding-upstream-2.14.8-3.9.3
    * farstream-data-0.2.8-5.2.4

## References:

  * https://www.suse.com/security/cve/CVE-2019-25544.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1057701
  * https://bugzilla.suse.com/show_bug.cgi?id=1062785
  * https://bugzilla.suse.com/show_bug.cgi?id=1068818
  * https://bugzilla.suse.com/show_bug.cgi?id=1125736
  * https://bugzilla.suse.com/show_bug.cgi?id=1184786
  * https://bugzilla.suse.com/show_bug.cgi?id=1191780
  * https://bugzilla.suse.com/show_bug.cgi?id=1260058
  * https://jira.suse.com/browse/SLE-21105

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260714/a3d25656/attachment.htm>


More information about the sle-updates mailing list