CVE-2017-2640 in libpurple

6 views

Skip to first unread message

erythronium23

unread,

Mar 15, 2017, 7:46:57 PM3/15/17

to de...@adium.im

Recently a security issue (CVE-2017-2640) was fixed in libpurple:

https://www.pidgin.im/news/security/?id=109

SecurityFocus and Ubuntu say the vulnerability impact is arbitrary code execution on the client.

Is the Adium team aware of this issue? Is there a response in the works? Does the Adium team have processes in place for handling and responding to security errata in libpurple? I'd be happy to help with any or all of the above.

Thanks,

Eryt

Chris Forsythe

unread,

Mar 24, 2017, 11:08:49 AM3/24/17

to Adium Development List, erythr...@gmail.com

The guys are working on a release. In the meantime if you would like you can build your own. Please read the published documentation about how to update and build libpurple here:

https://trac.adium.im/wiki/GettingLibpurpleSource

Which is linked from here:

https://trac.adium.im/wiki/GettingAdiumSource

(Section 2)

Chris Forsythe

Reply all

Reply to author

Forward

0 new messages