Security Bug in Pidgin-2.10.7
Radhesh Krishnan K
radheshkrishnank at gmail.com
Sat Apr 13 11:47:15 EDT 2013
Okay, May be I am wrong. Please help me to understand this.
FIle I am refering is "*
Code starting from here.
gg_debug_session(sess, GG_DEBUG_MISC, "//
if ((res = SSL_connect(sess->ssl)) <= 0)
On Sat, Apr 13, 2013 at 9:12 PM, Ethan Blanton <elb at pidgin.im> wrote:
> Radhesh Krishnan K spake unto us the following wisdom:
> > libpurple is using openSSL. And I believe pidgin is using libpurple
> > that is why I said so. Actually security bug is with libpurple. I was
> > going through the code base and I found the openSSL APIs used in
> > libpurple as I have mentioned in the first mail.
> No, libpurple does not use OpenSSL, as it is license incompatible with
> our unmodified GPL v2 license. Please indicate the specific file and
> line where you believe you have found OpenSSL code, as well as where
> you received your source code, and maybe we can clear up this
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> -----END PGP SIGNATURE-----
Radhesh Krishnan K.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security