Date: Wed, 5 Sep 2012 17:18:25 +0200 From: Marcus Meissner <meissner@...e.de> To: Jan Lieskovsky <jlieskov@...hat.com> Cc: oss-security@...ts.openwall.com Subject: Re: CVE Request: pidgin lack of SSL checks On Wed, Sep 05, 2012 at 11:01:03AM -0400, Jan Lieskovsky wrote: > Hello Marcus, > > > Hi, > > > > Beautiful rant... needs CVE I guess. > > http://developer.pidgin.im/ticket/15308 > > > > Missing SSL checks in libpurples NSS SSL plugin allows MitM attacks. > > Actually right now it looks there isn't an issue at all > (if I got that clarification correctly): >  http://developer.pidgin.im/ticket/15308#comment:3 > > Thus I would wait with CVE assignment for a bit till "water surface > has had chance to quieten down". Yes, I just wanted to write about the same comment. Sorry for the noise so far ... although I suspect there might be dragons. Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.