[Pidgin] #15286: Master bug for old libraries in Windows Pidgin build

Pidgin trac at pidgin.im
Sun Aug 26 00:30:10 EDT 2012 

#15286: Master bug for old libraries in Windows Pidgin build
----------------------+-----------------------------------------------------
 Reporter:  ioerror   |        Owner:  datallah       
     Type:  defect    |       Status:  new            
Milestone:            |    Component:  winpidgin (gtk)
  Version:  2.10.6    |   Resolution:                 
 Keywords:  security  |  
----------------------+-----------------------------------------------------

Comment(by datallah):

 Replying to [comment:4 ioerror]:

 > exchndl.dll appears to be the Crash Reporting Library (
 http://developer.pidgin.im/static/win32/pidgin-inst-deps-20100315.tar.gz).
 I think the source for that dll is from
 http://pidgin.im/~datallah/exchndl.c - is that the code for the exception
 handler/Crash Reporter? If so, is it actually free software? Either way -
 according to the author of MSJExceptionHandler, it was replaced by
 WheatyExceptionReport ( http://www.wheaty.net/Columns.htm ) in 2002 (
 http://bwmangos.googlecode.com/svn/trunk/src/shared/WheatyExceptionReport.cpp
 ). Furthermore, it appears that it is pretty unsafe in general:
 > {{{
 > exchndl.dll
 > }}}

 Yes, that's the crash report generator.
 It isn't actually MSJExceptionHandler, but I guess that was an inspiration
 or something.
 It is LGPL - it's from http://code.google.com/p/jrfonseca/ - it's part of
 drmingw.
 It's been modified somewhat to suite our needs.
 What are your specific complaints about it being unsafe?

 > The following are Pidgin/libpurple code (including '''plugins/*''') and
 not thought to be covered by any CVEs - though I guess I'll wait for
 explicit confirmation from the pidgin team, as they're the authority on
 these dlls:
 > {{{
 > libjabber.dll
 > liboscar.dll
 > libpurple.dll
 > libymsg.dll
 > pidgin.dll
 > }}}

 These are all part of the libpurple and pidgin codebase and are built from
 the pidgin codebase during each release.

-- 
Ticket URL: <http://developer.pidgin.im/ticket/15286#comment:5>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list