pidgin.im Needs Major Security Update: CVE-2014-0224

Elliott Sales de Andrade qulogic at pidgin.im
Fri Jun 13 23:52:59 EDT 2014


Hi Daniel,

Can you also check into d.p.i as well? It's supposedly
vulnerable-but-maybe-not-exploitable...


On 13 June 2014 23:36, Daniel Atallah <daniel.atallah at gmail.com> wrote:

> This has been addressed.
>
> Thanks.
>
>
> On Fri, Jun 13, 2014 at 2:10 PM, William Rolison <williamrolison at gmail.com> wrote:
>
>> Hi,
>>
>> pidgin.im Needs Major Security Update: CVE-2014-0224
>>
>> "This server is vulnerable to the OpenSSL CCS vulnerability
>> (CVE-2014-0224) and exploitable."
>>
>> See full report @
>> https://www.ssllabs.com/ssltest/analyze.html?d=pidgin.im
>>
>> While you're at it, please drop RC4, add Robust Forward Secrecy, and
>> enable Strict Transport Security (HSTS).
>>
>> Thanks,
>>
>> Will
>>
>> --
>> _________________________________
>> Contact Info:
>>
>> Name: William Rolison
>> E-Mail: williamrolison at gmail.com
>> Cell Phone: (803) 753-8824
>> _______________________________________________
>> security mailing list
>> security at pidgin.im
>> https://pidgin.im/cgi-bin/mailman/listinfo/security
>>
>
>



-- 
Elliott aka QuLogic
Pidgin developer