PGP key for vulnerability reports

Mark Doliner mark at
Wed Jan 22 04:18:02 EST 2014

Hi again. Just wanted to share some info. The embargo date is set:
Tuesday 2013-01-28 at 07:00 PST, 10:00 EST, 15:00 UTC.

We'll be releasing Pidgin 2.10.8 at that time. And we have two CVEs
for the bugs you found.

- Pidgin uses clickable links to untrusted executables

Used for three similar but different issues:
- Buffer overflow in Gadu-Gadu HTTP parsing
- Buffer overflow in MXit emoticon parsing
- Buffer overflow in SIMPLE header parsing

More information about the security mailing list