Format String Bug into libsilcclient 1.1.2

Ethan Blanton elb at
Fri Oct 14 17:01:56 EDT 2011

Joilson Rabelo spake unto us the following wisdom:
> Libsilcclient 1.1.2 dll is vulnerable to format string attacks since 2009
> and i'd like to know why you guys did not updated it?
> Pidgin 2.10 is obviously vulnerable since it uses 1.1.2, please upgrade to
> 1.1.3 and the problem is going to be solved, it's a serious bug and can lead
> to Remote Code Execution

I assume you are talking specifically about our Windows package, is
that true?  (We do not bundle libsilc with our sources.)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: Digital signature
URL: <>

More information about the security mailing list