question about the CVE-2014-3775 fix
daniel.atallah at gmail.com
Tue May 27 09:54:59 EDT 2014
On Mon, May 26, 2014 at 3:59 AM, Tomasz Wasilczyk <tomasz at wasilczyk.pl> wrote:
> We doesn't support DCC feature, so our code may not be vulnerable. Anyway,
> libgadu 1.12.0 stable is about to be released at the end of may and I will
> update it then.
The vulnerability description references Pidgin specifically -
"libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin
and other products..."
If we are indeed not vulnerable, we probably should post some sort of
public clarification (the devel mailing list may be public enough).
> security mailing list
> security at pidgin.im
More information about the security