Pidgin Security Advisory
| Title | Cipher API information disclosure |
|---|
| Date | 2011-02-06 |
|---|
| CVE Name | N/A |
|---|
| Discovered By | Julia Lawall |
|---|
| Summary | Potential local information disclosure in libpurple |
|---|
| Description | It was discovered that libpurple versions prior to 2.7.10 do not properly clear certain data structures used in libpurple/cipher.c prior to freeing. An attacker could potentially extract partial information from memory regions freed by libpurple. |
|---|
| Fixed in Revision | 8c850977cb42 |
|---|
| Fixed in Version | 2.7.10 |
|---|
| Fix | Proper structure clearing has been implemented. |
|---|
Return to Security Advisory Index
