Multiple remotely-triggerable crashes in libpurple

Paul Aurich darkrain42 at
Sun Oct 10 01:10:20 EDT 2010

On 2010-10-09 22:02, John Bailey wrote:
>   * XMPP protocol plugin
>     * An invalid base64-encoded Digest-MD5 authentication challenge is
>       received (this crash can happen only when Cyrus SASL is not available
>       or does not provide Digest-MD5 support)

For clarification here, this crash will affect Adium (they patch
libpurple to avoid Cyrus SASL's Digest MD5 implementation due to interop
issues), but will not impact any other version of libpurple built with
Cyrus SASL support, as there is currently no logic to fall back on
internal methods.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Packagers mailing list