[Pidgin] #14571: Win32 installer uses insecure GTK+ version
Pidgin
trac at pidgin.im
Fri Aug 24 09:38:32 EDT 2012
#14571: Win32 installer uses insecure GTK+ version
--------------------+-------------------------------------------------------
Reporter: sdierl | Owner: datallah
Type: defect | Status: new
Milestone: 3.0.0 | Component: winpidgin (gtk)
Version: 2.10.0 | Resolution:
Keywords: |
--------------------+-------------------------------------------------------
Comment(by datallah):
Replying to [comment:16 ioerror]:
> I changed the malformed png a bit:
<SNIP>
> It appears that this png doesn't get wiped from disk even though it is
clearly malformed. Additionally, I only see those decode errors on the
Windows Pidgin, I do not see them on the Ubuntu Pidgin. I think that means
that I am hitting the GTK libs that are vulnerable, perhaps?
The fact that the file is still there there isn't a problem; it's just a
cached value of what the server sent; we wouldn't want to re-download the
same data.
--
Ticket URL: <http://developer.pidgin.im/ticket/14571#comment:19>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list