[Pidgin] #14670: Outdated NSS included with Windows installer

Pidgin trac at pidgin.im
Sun Feb 10 15:17:23 EST 2013

#14670: Outdated NSS included with Windows installer
 Reporter:  itsnotabigtruck      |       Owner:  datallah
     Type:  defect               |      Status:  closed
Milestone:  2.10.7               |   Component:  winpidgin (gtk)
  Version:  2.10.0               |  Resolution:  fixed
 Keywords:  ssl tls nss windows  |

Comment (by DrWhax):

 Just to give the developers an update, your shipping DigiNotar AND
 TurkTrust certs which have been compromised?

 And what do you *exactly* mean with;

     It looks like the DigiNotar issue isn't a problem as while Pidgin
 loads the NSS trusted roots DLL (nssckbi.dll), it doesn't actually trust
 those roots"

 Are you saying those certs are not being used at all, are they not trusted
 yet being used, if so, how exactly?

 It would be good to ship the latest release NSS 3.14.1 instead of 3.13.6
 which is oudated and contains numerous vulnerabilities.

 If these are being used, I hope the Pidgin developers will schedule an
 emergency security release to update the users to the latest version..

Ticket URL: <https://developer.pidgin.im/ticket/14670#comment:3>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list