[Pidgin] #7130: The Pidgin project is distributing an outdated/insecure GTK+ runtime
Pidgin
trac at pidgin.im
Thu Sep 18 21:21:21 EDT 2008
#7130: The Pidgin project is distributing an outdated/insecure GTK+ runtime
-----------------------------+----------------------------------------------
 Reporter:  aloishammer      |     Owner:  datallah
     Type:  defect           |    Status:  new
Component:  winpidgin (gtk)  |   Version:  2.5.1
 Keywords:  security gtk+    |
-----------------------------+----------------------------------------------
GTK+ 2.12.8 Rev A, available from the Pidgin distribution site either
separately or included with the Pidgin installer, is using a considerably
outdated set of components that include major known security holes that
could probably be exploited remotely (buddy icons seem like a simple,
possible vector).

For instance, the versions of libtiff, freetype, and libpng distributed by
the Pidgin project all have at least one known security vulnerability.

I have tested and currently use Pidgin-Win32 with the vulnerable DLLs
overwritten by DLLs supplied from ftp.gnome.org, and Pidgin appears to
operate correctly with a full set of upgrades. I will attach the updated
file list from the set I'm currently using.
--
Ticket URL: <http://developer.pidgin.im/ticket/7130>
Pidgin <http://pidgin.im>
Pidgin