Potential security issue: Yahoo authorisation requests with invalid encoding

Robert Vehse robertvehse at fastmail.fm
Mon Jul 15 17:34:27 EDT 2013

Am 05.02.2013 um 08:43 schrieb Mark Doliner <mark at kingant.net>:

> I've been looking at this a bit, and I think it's going to take some
> work.  Our string handling in Yahoo is pretty inconsistent, and I
> think we'll want to do some testing with Windows clients to make sure
> we're behaving sanely.  I think that will take time.
> I'd like to go ahead and do a Pidgin release nowish with the fixes for
> the two MXit problems, and with working SSL CA certs, and we can do
> another release once we're confident we have a patch for this issue.
> Does that sound ok to people?

Did anything become of this?


More information about the security mailing list