PGP key for vulnerability reports

Mark Doliner mark at kingant.net
Wed Jan 22 04:18:02 EST 2014


Hi again. Just wanted to share some info. The embargo date is set:
Tuesday 2013-01-28 at 07:00 PST, 10:00 EST, 15:00 UTC.

We'll be releasing Pidgin 2.10.8 at that time. And we have two CVEs
for the bugs you found.

CVE-2013-6486
- Pidgin uses clickable links to untrusted executables

CVE-2013-6487
Used for three similar but different issues:
- Buffer overflow in Gadu-Gadu HTTP parsing
- Buffer overflow in MXit emoticon parsing
- Buffer overflow in SIMPLE header parsing

