Security Bug in Pidgin-2.10.7

Radhesh Krishnan K radheshkrishnank at
Sat Apr 13 11:35:03 EDT 2013

Hi ,

libpurple is using openSSL. And I believe pidgin is using libpurple that is
why I said so.
Actually security bug is with libpurple. I was going through the code base
and I found the openSSL APIs used in libpurple as I have mentioned in the
first mail.

On Sat, Apr 13, 2013 at 8:07 PM, Ethan Blanton <elb at> wrote:

> Radhesh Krishnan K spake unto us the following wisdom:
> > I would like to report a security bug in pidgin-2.10.7.  Pidgin is using
> > openSSL library for creating secure connections.
> Pidgin does not use OpenSSL for SSL, and is license-incompatible with
> SSL.  Are you using a third-party OpenSSL plugin?
> Ethan
> Version: GnuPG v1.4.10 (GNU/Linux)
> iQEVAwUBUWltvv8fixZ3H8crAQjpmgf/YCAEumL9qDSQIAjELXfBf9v8oBqVvs/Q
> Gg1QZmyjDlr7anYT/wFBJt9aHuimApUD29iJyselcGiWbCkjXCuRpavLh0lhHdJx
> PBH0YTK8hyiasJ2qfP3FoE+ez+2cB8rSwLBJrzsDNYcgeHcYEitxY9api8JZIsnl
> VW8NfGi8JTWZkIv+loOEMgaYQWkJ2eok+Aa+oRc8/ZCKDenrJUDzlGjQwqbxs3YS
> K6kfLDxg2A1tNgHeWUMz/vwPpaDnCfz1EjUdXLNfNc8rsbL9HWp7RqZKcg9Wp8Ax
> 6rZ4WZ6eMt5iGl2PVX5HBiEipMaDKjPZ5fr4MLCNci092jOMXYI6Ag==
> =64OI


Radhesh Krishnan K.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the security mailing list