Pidgin 2.8.0: MSN, No QQ...

Mark Doliner mark at kingant.net
Tue Jun 7 05:31:31 EDT 2011


On Fri, May 13, 2011 at 6:35 AM, Paul Aurich <darkrain42 at pidgin.im> wrote:
> it sounds like we shouldn't be considering it a security flaw.

I agree with this because it's fairly hard to cause problems using
this bug because:
* Hacker must perform man-in-the-middle attack
* User must have changed the settings for their MSN account to use the
HTTP connection method

So yeah, let's skip the CVE process (just wanted to confirm, in case
people were unsure).

--Mark



More information about the Packagers mailing list