Veracode static analysis results
Chris Wysopal
cwysopal at Veracode.com
Wed Dec 5 15:18:31 EST 2012
Now with attachment.
From: Chris Wysopal
Sent: Wednesday, December 05, 2012 3:18 PM
To: 'security at pidgin.im'
Subject: Veracode static analysis results
Hello Pidgin Security Team,
A customer asked us to analyze Pidgin using our static analyzer. Our responsible disclosure policy is to inform you of any findings so that you may have the chance to review, comment, and/or fix the issues.
I think the software performed very well on our analysis, but there are a few issues we have found. Attached is our full report. You can find the description of the issues found on pages 10-15. We found 1 Very High criticality, 5 Medium, and 47 Low. Here is a summary.
Flaws by Severity and Scan Type

  Severity                    Total   Static
  Very High                       1        1
    Untrusted Search Path         1        1
  High                            0        0
  Medium                          5        5
    Cryptographic Issues          1        1
    Directory Traversal           3        3
    Race Conditions               1        1
  Low                            47       47
    Error Handling               47       47
  Very Low                        0        0
  Information                     0        0
Please acknowledge receipt and let us know whether you intend to investigate and potentially fix these issues. If this is the case, we will certainly give you time to address the issues before releasing any information outside of your team.
Cheers,
Chris
Chris Wysopal
CTO
Veracode
617-501-3277
Attachment: DetailedReport_Pidgin_2-10-6---Linux_2012125143246766.pdf (application/pdf, 207863 bytes)
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20121205/ccb57dee/attachment-0001.pdf>