Pidgin 2.10.2 for Windows - SEcurity flaw in GTK ?

Daniel Atallah daniel.atallah at gmail.com
Mon Mar 19 20:04:19 EDT 2012


On Mon, Mar 19, 2012 at 16:58, "Vincent Duvernet (Nolmë Informatique)"
<vincent.duvernet at nolme.com> wrote:
>
> Hi everybody.
>
> I have a security question about Pidgin 2.10.2 for Windows I've just installed
>
> Kaspersky AV report a security flaw in : "C:\Program Files (x86)\Pidgin\Gtk\bin\libgdk-win32-2.0-0.dll"
> from Secunia : http://secunia.com/advisories/45815
>
> IT seems that solution is to upgrade GTK to latest version.
> But why didn't you embbed it on the 2.10.2 release ?


We don't believe this to be a significant issue based on how pidgin uses GTK+.
See http://developer.pidgin.im/ticket/14571 for more information.

GTK+ wasn't upgraded because there wasn't a need to do so and we
haven't tested the latest version adequately to be sure it isn't
problematic - many versions newer than the version we ship have known
regressions.

-D


More information about the security mailing list