[Pidgin] #15284: NSS library out of date
Pidgin
trac at pidgin.im
Sat Aug 25 19:55:06 EDT 2012
#15284: NSS library out of date
-----------------------------+----------------------------------------------
Reporter: ioerror | Owner: datallah
Type: defect | Status: new
Component: winpidgin (gtk) | Version: 2.10.6
Keywords: security |
-----------------------------+----------------------------------------------
It appears that the pidgin libnss library shipped with the Windows release
is vulnerable to CVE-2012-0441 and perhaps other issues.
{{{
% strings nss3.dll|grep -i 3.1
$Header: NSS 3.12.5.0 Feb 28 2010 18:45:37 $
@(#)NSS 3.12.5.0 Feb 28 2010 18:45:37
}}}
http://www.mozilla.org/security/announce/2012/mfsa2012-39.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441
It may also be vulnerable to MITM ala CVE-2009-3555:
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html
Is Pidgin shipping NSS 3.12.5.0? It appears that 3.12.6 is may be the way
to not be vulnerable to the above MITM issue:
https://bugzilla.mozilla.org/show_bug.cgi?id=545755
--
Ticket URL: <http://developer.pidgin.im/ticket/15284>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list