Security Bug in Pidgin-2.10.7
Ethan Blanton
elb at pidgin.im
Sat Apr 13 11:55:45 EDT 2013
Radhesh Krishnan K spake unto us the following wisdom:
> Okay, May be I am wrong. Please help me to understand this.
This is a complex issue, actually.
> FIle I am refering is "*
> pidgin-2.10.7/libpurple/protocols/gg/lib/events.c:843*"
This file is an imported version of the externally-maintained libgadu
library.
> Code starting from here.
>
> #ifdef GG_CONFIG_HAVE_OPENSSL
We never set this flag. When linking against an external libgadu, we
additionally have this check:
#if defined(__GG_LIBGADU_HAVE_OPENSSL) || defined(GG_CONFIG_HAVE_OPENSSL)
#error "libgadu is not compatible with the GPL when compiled with OpenSSL support."
#endif
This code is dead code in libpurple. The issue you found may be real,
however, and should be taken up with the libgadu developers. I have
Cc'd our own Tomasz Wasilczyk, who has worked with the libgadu
developers, and attached your original message.
Ethan
-------------- next part --------------
An embedded message was scrubbed...
From: Radhesh Krishnan K <radheshkrishnank at gmail.com>
Subject: Security Bug in Pidgin-2.10.7
Date: Sat, 13 Apr 2013 20:03:44 +0530
Size: 10928
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130413/e1fab1dc/attachment-0001.mht>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: Digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130413/e1fab1dc/attachment-0001.pgp>
More information about the security
mailing list