pidgin.im Needs Major Security Update: CVE-2014-0224

Daniel Atallah daniel.atallah at gmail.com
Sat Jun 14 00:08:08 EDT 2014


On Jun 13, 2014 11:52 PM, "Elliott Sales de Andrade" <qulogic at pidgin.im>
wrote:
>
> Hi Daniel,
>
> Can you also check into d.p.i as well? It's supposedly
> vulnerable-but-maybe-not-exploitable...

I already did.
We'll need to wait until Debian squeeze has updated openssl packages.

>
>
> On 13 June 2014 23:36, Daniel Atallah <daniel.atallah at gmail.com> wrote:
>>
>> This has been addressed.
>>
>> Thanks.
>>
>>
>> On Fri, Jun 13, 2014 at 2:10 PM, William Rolison <williamrolison at gmail.com> wrote:
>>>
>>> Hi,
>>>
>>> pidgin.im Needs Major Security Update: CVE-2014-0224
>>>
>>> "This server is vulnerable to the OpenSSL CCS vulnerability
>>> (CVE-2014-0224) and exploitable."
>>>
>>> See full report @
>>> https://www.ssllabs.com/ssltest/analyze.html?d=pidgin.im
>>>
>>> While you're at it, please drop RC4, add Robust Forward Secrecy, and
>>> enable Strict Transport Security (HSTS).
>>>
>>> Thanks,
>>>
>>> Will
>>>
>>> --
>>> _________________________________
>>> Contact Info:
>>>
>>> Name: William Rolison
>>> E-Mail: williamrolison at gmail.com
>>> Cell Phone: (803) 753-8824
>>> _______________________________________________
>>> security mailing list
>>> security at pidgin.im
>>> https://pidgin.im/cgi-bin/mailman/listinfo/security
>>
>>
>>
>
>
>
>
> --
> Elliott aka QuLogic
> Pidgin developer