Potential security issue: Yahoo authorisation requests with invalid encoding
mark at kingant.net
Tue Feb 5 02:43:24 EST 2013
I've been looking at this a bit, and I think it's going to take some
work. Our string handling in Yahoo is pretty inconsistent, and I
think we'll want to do some testing with Windows clients to make sure
we're behaving sanely. I think that will take time.

I'd like to go ahead and do a Pidgin release nowish with the fixes for
the two MXit problems, and with working SSL CA certs, and we can do
another release once we're confident we have a patch for this issue.

Does that sound ok to people?