oss-sec mailing list archives
CVE id request: pidgin
From: Steffen Joeris <steffen.joeris () skolelinux de>
Date: Mon, 24 Aug 2009 19:10:45 +1000
Hi There seems to be another issue with pidgin. It does not enforce SSL/TLS and seems to connect without encryption, although the box is ticked. See Debian Bug here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891 This upstream commit was pointed out to me: http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279 Reporter promised to check whether gaim is affected too, so I guess the bugreport will be updated. Could I please get a CVE id for this? Cheers Steffen
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE id request: pidgin Steffen Joeris (Aug 24)
- Re: CVE id request: pidgin Steven M. Christey (Aug 31)