oss-sec mailing list archives

CVE id request: pidgin

From: Steffen Joeris <steffen.joeris () skolelinux de>
Date: Mon, 24 Aug 2009 19:10:45 +1000

Hi

There seems to be another issue with pidgin. It does not enforce SSL/TLS and 
seems to connect without encryption, although the box is ticked.

See Debian Bug here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891

This upstream commit was pointed out to me:
http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279

Reporter promised to check whether gaim is affected too, so I guess the 
bugreport will be updated.

Could I please get a CVE id for this?

Cheers
Steffen

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

CVE id request: pidgin Steffen Joeris (Aug 24)
- Re: CVE id request: pidgin Steven M. Christey (Aug 31)