Discussion:
CVE-2017-2640 in libpurple
erythronium23
2017-03-15 23:46:05 UTC
Permalink
Recently a security issue (CVE-2017-2640) was fixed in libpurple:

https://www.pidgin.im/news/security/?id=109

SecurityFocus and Ubuntu say the vulnerability impact is arbitrary code
execution on the client.

Is the Adium team aware of this issue? Is there a response in the works?
Does the Adium team have processes in place for handling and responding to
security errata in libpurple? I'd be happy to help with any or all of the
above.

Thanks,

Eryt
Chris Forsythe
2017-03-24 15:07:51 UTC
Permalink
The guys are working on a release. In the meantime if you would like you
can build your own. Please read the published documentation about how to
update and build libpurple here:

https://trac.adium.im/wiki/GettingLibpurpleSource

Which is linked from here:

https://trac.adium.im/wiki/GettingAdiumSource

(Section 2)
Post by erythronium23
https://www.pidgin.im/news/security/?id=109
SecurityFocus and Ubuntu say the vulnerability impact is arbitrary code
execution on the client.
Is the Adium team aware of this issue? Is there a response in the works?
Does the Adium team have processes in place for handling and responding to
security errata in libpurple? I'd be happy to help with any or all of the
above.
Thanks,
Eryt
--
Chris Forsythe
Loading...