[Pidgin] #14571: Win32 installer uses insecure GTK+ version
Pidgin
trac at pidgin.im
Thu Aug 23 19:22:51 EDT 2012
#14571: Win32 installer uses insecure GTK+ version
--------------------+-------------------------------------------------------
Reporter: sdierl | Owner: datallah
Type: defect | Status: new
Milestone: 3.0.0 | Component: winpidgin (gtk)
Version: 2.10.0 | Resolution:
Keywords: |
--------------------+-------------------------------------------------------
Comment(by ioerror):
I did read your comments and I am asking a question that has not been
previously asked. It is still un-addressed:
Is there an assertion that none of the vulnerable .dll code is used
*anywhere* by *anything*?
If so, why not remove the unused .dll files?
If I had a newer dll version locally, yes, I realize that Pidgin *might*
load it. However, I don't have a newer version locally, that is why I
installed the version provided by the Pidgin installer. It was surprising
that it wasn't as current a build as the rest of Pidgin.
Furthermore, when you say it isn't an over the wire vulnerability, how
exactly is Pidgin decoding my buddy's PNG icon if not with the libpng code
in the .dll?
--
Ticket URL: <http://developer.pidgin.im/ticket/14571#comment:10>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list