Date: Wed, 5 Sep 2012 13:48:50 +0200 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: CVE Request: pidgin lack of SSL checks Hi, Beautiful rant... needs CVE I guess. http://developer.pidgin.im/ticket/15308 Missing SSL checks in libpurples NSS SSL plugin allows MitM attacks. (funny side note here is that gnutls 3.x is GPLv3 and effectively could taint any library/binary linking with it to be GPLv3 or newer.) Ciao, Marcus -- Open Linux Security Engineer Position at SUSE: http://bit.ly/Li4RbS
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.