question about the CVE-2014-3775 fix

Daniel Atallah daniel.atallah at
Tue May 27 09:54:59 EDT 2014

On Mon, May 26, 2014 at 3:59 AM, Tomasz Wasilczyk <tomasz at> wrote:
> We doesn't support DCC feature, so our code may not be vulnerable. Anyway,
> libgadu 1.12.0 stable is about to be released at the end of may and I will
> update it then.

The vulnerability description references Pidgin specifically -
"libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin
and other products..."

If we are indeed not vulnerable, we probably should post some sort of
public clarification (the devel mailing list may be public enough).


> Thanks,
> Tomek
> _______________________________________________
> security mailing list
> security at

More information about the security mailing list