PGP key for vulnerability reports
Mark Doliner
mark at kingant.net
Wed Jan 22 04:18:02 EST 2014
Hi again. Just wanted to share some info. The embargo date is set:
Tuesday 2013-01-28 at 07:00 PST, 10:00 EST, 15:00 UTC.
We'll be releasing Pidgin 2.10.8 at that time. And we have two CVEs
for the bugs you found.
CVE-2013-6486
- Pidgin uses clickable links to untrusted executables
CVE-2013-6487
Used for three similar but different issues:
- Buffer overflow in Gadu-Gadu HTTP parsing
- Buffer overflow in MXit emoticon parsing
- Buffer overflow in SIMPLE header parsing
More information about the security
mailing list