Format String Bug into libsilcclient 1.1.2
Ethan Blanton
elb at pidgin.im
Fri Oct 14 17:01:56 EDT 2011
Joilson Rabelo spake unto us the following wisdom:
> Libsilcclient 1.1.2 dll is vulnerable to format string attacks since 2009
> and i'd like to know why you guys did not updated it?
>
> Pidgin 2.10 is obviously vulnerable since it uses 1.1.2, please upgrade to
> 1.1.3 and the problem is going to be solved, it's a serious bug and can lead
> to Remote Code Execution
I assume you are talking specifically about our Windows package, is
that true? (We do not bundle libsilc with our sources.)
Ethan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: Digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20111014/a244e060/attachment.pgp>
More information about the security
mailing list