mxit libpurple protocol
Andrew Victor
andrew.victor at mxit.com
Sun May 1 12:47:15 EDT 2016
hi,
That is correct, the following are outstanding:
TALOS-CAN-0119 -- HTTP Content-Length
TALOS-CAN-0136 -- g_snprintf
TALOS-CAN-0135 -- Avatar Chunk OOB
TALOS-CAN-0138 -- Custom Resource Chunk OOB
TALOS-CAN-0140 -- GetFile Chunk OOB
I don't have an ETA for them yet - but an working on when I get time.
What date did TALOS report them? ie, when is the 60 days?
Regards,
Andrew Victor
On Sun, May 1, 2016 at 4:40 PM, Ethan Blanton <elb at pidgin.im> wrote:
> Andrew,
>
> It looks to me like most of the vulnerabilities are patched or cannot
> be fixed (122), but the following remain outstanding:
>
> 119
> 135
> 136
> 138
> 140
>
> Is this the case? Do you have an ETA on fixes? TALOS policy is
> forced disclosure after 60 days, we'd really like to come in under
> that wire if possible.
>
> Ethan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160501/6c569a0c/attachment.html>
More information about the security
mailing list