Pidgin 2.10.2 for Windows - SEcurity flaw in GTK ?
daniel.atallah at gmail.com
Mon Mar 19 20:04:19 EDT 2012
On Mon, Mar 19, 2012 at 16:58, "Vincent Duvernet (Nolmë Informatique)"
<vincent.duvernet at nolme.com> wrote:
> Hi everybody.
> I have a security question about Pidgin 2.10.2 for Windows I've just installed
> Kaspersky AV report a security flaw in : "C:\Program Files (x86)\Pidgin\Gtk\bin\libgdk-win32-2.0-0.dll"
> from Secunia : http://secunia.com/advisories/45815
> IT seems that solution is to upgrade GTK to latest version.
> But why didn't you embbed it on the 2.10.2 release ?
We don't believe this to be a significant issue based on how pidgin uses GTK+.
See http://developer.pidgin.im/ticket/14571 for more information.
GTK+ wasn't upgraded because there wasn't a need to do so and we
haven't tested the latest version adequately to be sure it isn't
problematic - many versions newer than the version we ship have known
More information about the security