oss-sec mailing list archives
Re: CVE Request: pidgin lack of SSL checks
From: Marcus Meissner <meissner () suse de>
Date: Wed, 5 Sep 2012 17:18:25 +0200
On Wed, Sep 05, 2012 at 11:01:03AM -0400, Jan Lieskovsky wrote:
Hello Marcus,Hi, Beautiful rant... needs CVE I guess. http://developer.pidgin.im/ticket/15308 Missing SSL checks in libpurples NSS SSL plugin allows MitM attacks.Actually right now it looks there isn't an issue at all (if I got that clarification correctly): [1] http://developer.pidgin.im/ticket/15308#comment:3 Thus I would wait with CVE assignment for a bit till "water surface has had chance to quieten down".
Yes, I just wanted to write about the same comment. Sorry for the noise so far ... although I suspect there might be dragons. Ciao, Marcus
Current thread:
- CVE Request: pidgin lack of SSL checks Marcus Meissner (Sep 05)
- Re: CVE Request: pidgin lack of SSL checks Jan Lieskovsky (Sep 05)
- Re: CVE Request: pidgin lack of SSL checks Marcus Meissner (Sep 05)
- Re: CVE Request: pidgin lack of SSL checks Jan Lieskovsky (Sep 05)