[Pidgin] #15286: Master bug for old libraries in Windows Pidgin build

Pidgin trac at pidgin.im
Sun Aug 26 02:05:55 EDT 2012

#15286: Master bug for old libraries in Windows Pidgin build
 Reporter:  ioerror   |        Owner:  datallah       
     Type:  defect    |       Status:  new            
Milestone:            |    Component:  winpidgin (gtk)
  Version:  2.10.6    |   Resolution:                 
 Keywords:  security  |  

Comment(by ioerror):

 Replying to [comment:12 datallah]:
 > Replying to [comment:10 abadidea]:
 > > Replying to [comment:8 datallah]:
 > > > Why are all of these being posted publicly?
 > >
 > > the ticket that ioerror opened for "all the DLLs are out of date"
 (#15281) was closed as a duplicate of #14571 which was opened just about a
 year ago.
 > Right, that ticket also shouldn't have been opened either, but it wasn't
 a real problem anyway.

 I think pidgin should get a security tag that actually makes the bugs
 private, perhaps?

 > The instructions on the top of the ticket page link to
 [wiki:TipsForBugReports] which has instructions about how to deal with
 security issues.

 Ok - well, if I find any novel 0day, I'll drop it an a private message. I
 didn't think that shipping old buggy libraries, as I said, counted.

 > >
 > > This isn't 0day, this is nday for very high values of n :)
 > Like I said, it is not known information about Pidgin.

 Pidgin is known to have a pretty bad security reputation and I am doubtful
 that I am the first to find any of these issues. As we saw in #14571, some
 guy's ''automated security software'' actually finds these kinds of bugs
 in the pidgin software releases. I feel like such a a sucker, I had to
 slum it with objdump...

Ticket URL: <http://developer.pidgin.im/ticket/15286#comment:14>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list