Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 5 Sep 2012 17:18:25 +0200
From: Marcus Meissner <meissner@...e.de>
To: Jan Lieskovsky <jlieskov@...hat.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE Request: pidgin lack of SSL checks

On Wed, Sep 05, 2012 at 11:01:03AM -0400, Jan Lieskovsky wrote:
> Hello Marcus, 
> 
> > Hi,
> > 
> > Beautiful rant... needs CVE I guess.
> > http://developer.pidgin.im/ticket/15308
> > 
> > Missing SSL checks in libpurples NSS SSL plugin allows MitM attacks.
> 
> Actually right now it looks there isn't an issue at all
> (if I got that clarification correctly):
> [1] http://developer.pidgin.im/ticket/15308#comment:3
> 
> Thus I would wait with CVE assignment for a bit till "water surface
> has had chance to quieten down".

Yes, I just wanted to write about the same comment.

Sorry for the noise so far ... although I suspect there might be dragons.

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.