mxit libpurple protocol

Andrew Victor andrew.victor at mxit.com
Sun May 1 12:47:15 EDT 2016


hi,

That is correct, the following are outstanding:

TALOS-CAN-0119      -- HTTP Content-Length
TALOS-CAN-0136      -- g_snprintf
TALOS-CAN-0135      -- Avatar Chunk OOB
TALOS-CAN-0138      -- Custom Resource Chunk OOB
TALOS-CAN-0140      -- GetFile Chunk OOB

I don't have an ETA for them yet - but an working on when I get time.

What date did TALOS report them?  ie, when is the 60 days?


Regards,
  Andrew Victor







On Sun, May 1, 2016 at 4:40 PM, Ethan Blanton <elb at pidgin.im> wrote:

> Andrew,
>
> It looks to me like most of the vulnerabilities are patched or cannot
> be fixed (122), but the following remain outstanding:
>
> 119
> 135
> 136
> 138
> 140
>
> Is this the case?  Do you have an ETA on fixes?  TALOS policy is
> forced disclosure after 60 days, we'd really like to come in under
> that wire if possible.
>
> Ethan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160501/6c569a0c/attachment.html>


More information about the security mailing list