Security Bug in Pidgin-2.10.7
Radhesh Krishnan K
radheshkrishnank at gmail.com
Sat Apr 13 11:35:03 EDT 2013
Hi ,
libpurple is using openSSL. And I believe pidgin is using libpurple that is
why I said so.
Actually security bug is with libpurple. I was going through the code base
and I found the openSSL APIs used in libpurple as I have mentioned in the
first mail.
On Sat, Apr 13, 2013 at 8:07 PM, Ethan Blanton <elb at pidgin.im> wrote:
> Radhesh Krishnan K spake unto us the following wisdom:
> > I would like to report a security bug in pidgin-2.10.7. Pidgin is using
> > openSSL library for creating secure connections.
>
> Pidgin does not use OpenSSL for SSL, and is license-incompatible with
> SSL. Are you using a third-party OpenSSL plugin?
>
> Ethan
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQEVAwUBUWltvv8fixZ3H8crAQjpmgf/YCAEumL9qDSQIAjELXfBf9v8oBqVvs/Q
> Gg1QZmyjDlr7anYT/wFBJt9aHuimApUD29iJyselcGiWbCkjXCuRpavLh0lhHdJx
> PBH0YTK8hyiasJ2qfP3FoE+ez+2cB8rSwLBJrzsDNYcgeHcYEitxY9api8JZIsnl
> VW8NfGi8JTWZkIv+loOEMgaYQWkJ2eok+Aa+oRc8/ZCKDenrJUDzlGjQwqbxs3YS
> K6kfLDxg2A1tNgHeWUMz/vwPpaDnCfz1EjUdXLNfNc8rsbL9HWp7RqZKcg9Wp8Ax
> 6rZ4WZ6eMt5iGl2PVX5HBiEipMaDKjPZ5fr4MLCNci092jOMXYI6Ag==
> =64OI
> -----END PGP SIGNATURE-----
>
>
--
Regards,
Radhesh Krishnan K.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130413/ddcfb7d1/attachment.html>
More information about the security
mailing list