[Pidgin] #10097: JPEG vunerability reports from Sophos AV
Pidgin
trac at pidgin.im
Wed Aug 26 11:03:23 EDT 2009
#10097: JPEG vunerability reports from Sophos AV
---------------------+------------------------------------------------------
Reporter: into_311 | Type: defect
Status: new | Component: libpurple
Version: 2.6.1 | Keywords: security, vulnerability, jpeg, jpg, buddy icons
---------------------+------------------------------------------------------
I am getting reports from my Sophos AV that it found some infected jpg's
in the .purple folder where my buddy icons are stored.
This is due the GDI+ vulnerability that was discovered several years ago.
You can find more information on the security bulletin here:
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx
This is the information Sophos gives me on the vulnerability:
http://www.sophos.com/security/analyses/viruses-and-
spyware/expms04028.html
I am running Windows 7 with the latest updates, and no Office XP or 2003
software. According to Microsoft none of my applications are vulnerable.
But for some reason I keep getting these security messages.
I have tried turning off buddy icons to see if that helps it go away. But
in order to do so, I have had to turn off all budy details :(
I'm not sure if this is a problem with a .dll the program is using. Or if
there is even a way to disable vulnerable jpeg's from being used by
pidgin. But I wanted to report this so that you are aware of the problem
anyways.
--
Ticket URL: <http://developer.pidgin.im/ticket/10097>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list