MSN emoticon DoS
John Bailey
rekkanoryo at rekkanoryo.org
Fri May 7 23:06:51 EDT 2010
On 05/07/2010 08:31 AM, Jan Lieskovsky wrote:
> So you probably want to fix both of them. Though not sure, how much
> widely the code in relevant "msnp9"
> subdirectory is used nowadays.
MSNp9 is removed for 2.7.0. The last release in which MSNp9 was used is 2.4.3.
Since we removed MSNp9, we may not have checked to see if that plugin was
vulnerable as well. Only distributions using Pidgin 2.4.3 or earlier will need
to care, truthfully, as Pidgin 2.5.0 and newer enabled the MSNp15
(libpurple/msn) plugin by default.
Also, do we need to get a CVE number for this one? I know we've done it in the
past.
John
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/packagers/attachments/20100507/ccccec44/attachment.pgp>
More information about the Packagers
mailing list