List: kopete-devel
Subject: [Kopete-devel] Re: 12 GAIM security issues...
From: Matt Rogers <matt.rogers () kdemail ! net>
Date: 2004-01-27 2:17:58
Message-ID: 200401262017.59035.matt.rogers () kdemail ! net
On Monday 26 January 2004 07:16 pm, Matt Rogers wrote:
> On Monday 26 January 2004 07:06 pm, Ralf Nolden wrote:
> > Hi,
> >
> > I think this message on heise.de about 12 *different* security issues is
> > quite enlightening how bad PR can get...
> >
> > http://www.heise.de/newsticker/data/dab-26.01.04-003/
> >
> > Considering that those issues sometimes are related to the yahoo
> > protocol, we may want to take a look at those and see that kopete is not
> > affected. Would be bad if we had to issue out a security advisory to
> > prevent this mega-bomb of bad PR for 3.2.
> >
> > Ralf
>
> I'm currently investigating the _one_ vulnerability that applies to kopete
> here. All the others are gaim specific.
>
> Please see this thread
> http://lists.kde.org/?l=kopete-devel&m=107514167112876&w=2 for more
> information.
>
>
> Matt
And to follow up, none of these issues affect us. Kopete uses a separate
library called libyahoo2 as the yahoo backend and while the code is a
derivative of gaim, it's not completely the same. Points one and two of the
heise.de article don't affect libyahoo2 because they wrote their own
encoder/decoder and they don't look at \ escaping. Also, Points 3, 4, and 5
do not affect us because we don't use the web messenger protocol. Point 6
was fixed in version libyahoo2 by switching from an array to a pointer. The
pointer is malloc'ed to the correct size.
Sorry for the false alarm.
Matt
--
yup, i know what i'm doing.
_______________________________________________
Kopete-devel mailing list
Kopete-devel@kde.org
https://mail.kde.org/mailman/listinfo/kopete-devel