question about the CVE-2014-3775 fix
Daniel Atallah
daniel.atallah at gmail.com
Tue May 27 09:54:59 EDT 2014
On Mon, May 26, 2014 at 3:59 AM, Tomasz Wasilczyk <tomasz at wasilczyk.pl> wrote:
> We doesn't support DCC feature, so our code may not be vulnerable. Anyway,
> libgadu 1.12.0 stable is about to be released at the end of may and I will
> update it then.
The vulnerability description references Pidgin specifically -
"libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin
and other products..."
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3775
If we are indeed not vulnerable, we probably should post some sort of
public clarification (the devel mailing list may be public enough).
-D
>
> Thanks,
> Tomek
>
>
> _______________________________________________
> security mailing list
> security at pidgin.im
> https://pidgin.im/cgi-bin/mailman/listinfo/security
More information about the security
mailing list