oss-sec mailing list archives
CVE Request: pidgin lack of SSL checks
From: Marcus Meissner <meissner () suse de>
Date: Wed, 5 Sep 2012 13:48:50 +0200
Hi, Beautiful rant... needs CVE I guess. http://developer.pidgin.im/ticket/15308 Missing SSL checks in libpurples NSS SSL plugin allows MitM attacks. (funny side note here is that gnutls 3.x is GPLv3 and effectively could taint any library/binary linking with it to be GPLv3 or newer.) Ciao, Marcus -- Open Linux Security Engineer Position at SUSE: http://bit.ly/Li4RbS
Current thread:
- CVE Request: pidgin lack of SSL checks Marcus Meissner (Sep 05)
- Re: CVE Request: pidgin lack of SSL checks Jan Lieskovsky (Sep 05)
- Re: CVE Request: pidgin lack of SSL checks Marcus Meissner (Sep 05)
- Re: CVE Request: pidgin lack of SSL checks Jan Lieskovsky (Sep 05)