Well, it seems like Skype didn't bother to tell anyone to update to 5.0 for security reasons. I've been waiting for this release patiently, for months and months, since I reported this bug to them. Now that it is fixed, I'll disclose the bug myself. It seems like Skype has a poor excuse for a security response team, though. From people I have talked to, it seems like you cannot trust them to get back to security researchers, credit them for their findings, or disclose the vulnerabilities to their users. This is bad for Skype and bad for Skype's users.
The second bug was weird: A callto: based call could be made such that even after you attempted to cancel it, it would remain in progress but with no UI. You'd need to quit Skype in order to make it end. This was tested on Skype prior to version 5.0 on the Mac. To do it, you just need to dial using the recipients number twice. For example, to call 5551212, you would use: callto://5551212&5551212
I found out that Skype 5.0 was released because I manually checked. I don't think that most user's do this on a regular basis. I bet there are a lot of people out there who are vulnerable to these issues.
Nitesh Dhanjani found a bug similar to this on the iPhone. More information on his bug is available at [link].