Security Bug in Pidgin-2.10.7

Ethan Blanton elb at
Sat Apr 13 11:42:02 EDT 2013

Radhesh Krishnan K spake unto us the following wisdom:
> libpurple is using openSSL. And I believe pidgin is using libpurple
> that is why I said so. Actually security bug is with libpurple. I was
> going through the code base and I found the openSSL APIs used in
> libpurple as I have mentioned in the first mail.

No, libpurple does not use OpenSSL, as it is license incompatible with
our unmodified GPL v2 license.  Please indicate the specific file and
line where you believe you have found OpenSSL code, as well as where
you received your source code, and maybe we can clear up this

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: Digital signature
URL: <>

More information about the security mailing list