Potential security issue: Yahoo authorisation requests with invalid encoding
robertvehse at fastmail.fm
Mon Sep 24 06:21:32 EDT 2012
at Adium, we received a bug report about a crash with Yahoo. It looks like it could be a security issue in libpurple.
13:38:18 Thijs Alkemade: Looks like http://trac.adium.im/ticket/16164 could be a security issue
13:39:31 Thijs Alkemade: It crashes on an auth request that contains something that is not valid UTF8, and libpurple doesn't salvage it properly
13:40:42 Thijs Alkemade: So it's possible anyone could send such an auth request to someone using Adium with Yahoo, and cause a crash
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security