Format String Bug into libsilcclient 1.1.2

Daniel Atallah daniel.atallah at gmail.com
Fri Oct 14 17:20:04 EDT 2011


On Fri, Oct 14, 2011 at 17:01, Ethan Blanton <elb at pidgin.im> wrote:
> Joilson Rabelo spake unto us the following wisdom:
>> Libsilcclient 1.1.2 dll is vulnerable to format string attacks since 2009
>> and I'd like to know why you guys did not update it?
>>
>> Pidgin 2.10 is obviously vulnerable since it uses 1.1.2, please upgrade to
>> 1.1.3 and the problem is going to be solved, it's a serious bug and can lead
>> to Remote Code Execution
>
> I assume you are talking specifically about our Windows package, is
> that true?  (We do not bundle libsilc with our sources.)

The Windows Package currently ships with libsilc 1.1.8.

The name of the DLL is still "libsilcclient-1-1-2.dll" due to how the
libsilc build scripts work.

-D

