[Pidgin] #14670: Outdated NSS included with Windows installer
Pidgin
trac at pidgin.im
Sun Feb 10 15:17:23 EST 2013
#14670: Outdated NSS included with Windows installer
---------------------------------+------------------------------
Reporter: itsnotabigtruck | Owner: datallah
Type: defect | Status: closed
Milestone: 2.10.7 | Component: winpidgin (gtk)
Version: 2.10.0 | Resolution: fixed
Keywords: ssl tls nss windows |
---------------------------------+------------------------------
Comment (by DrWhax):
Just to give the developers an update, your shipping DigiNotar AND
TurkTrust certs which have been compromised?
And what do you *exactly* mean with;
It looks like the DigiNotar issue isn't a problem as while Pidgin
loads the NSS trusted roots DLL (nssckbi.dll), it doesn't actually trust
those roots"
Are you saying those certs are not being used at all, are they not trusted
yet being used, if so, how exactly?
It would be good to ship the latest release NSS 3.14.1 instead of 3.13.6
which is oudated and contains numerous vulnerabilities.
If these are being used, I hope the Pidgin developers will schedule an
emergency security release to update the users to the latest version..
--
Ticket URL: <https://developer.pidgin.im/ticket/14670#comment:3>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list