GNOME Bugzilla – Bug 682642
Update GTK libraries for win32
Last modified: 2012-10-23 14:50:06 UTC
While working on two pidgin bugs, we've come to the conclusion that it would be a great help if the Gnome project could update the win32 builds available on the gtk website: http://www.gtk.org/download/win32.php

It appears that the gtk libraries for download have a myriad of outstanding and long since fixed security issues, many with CVEs. Here are the two pidgin bugs for reference:

http://developer.pidgin.im/ticket/15281
http://developer.pidgin.im/ticket/14571

Essentially, Pidgin may be remotely exploitable because it depends on these libraries and they haven't been updated in a while.

Alternatively, if there is a documented way to update these packages to the latest GTK code of the 2.24.x branch that is not vulnerable or linked against known vulnerable library code, I'd like to check it out. Links appreciated.

From what I understood from these bugs, it seems you want to keep using GTK 2.16, which is basically obsolete. 2.24.10 is the version provided by gtk.org. Are there any security issues with that one?

I'm not a GTK maintainer nor developer, but I doubt someone still maintains 2.16. It also seems both of your issues have been fixed on the pidgin side by patching GTK 2.16, so I suppose the issue is solved, and I'm closing this bug. Please reopen if you think there's still a problem.