independent-20110206-00

NOTE: This issue was not reported to a security reporting body.

Summary: Cipher API information disclosure
Date: 2011-02-06
Discovered By: Julia Lawall
Fixed In Release: 2.7.10

Description

It was discovered that libpurple versions prior to 2.7.10 do not properly clear certain data structures used in libpurple/cipher.c prior to freeing. An attacker could potentially extract partial information from memory regions freed by libpurple.

Mitigation

Proper structure clearing has been implemented.
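
The pattern behind this kind of fix, as an added example: it is not libpurple's code and not the actual patch. The structure and every demo_* name are hypothetical. It contrasts freeing a key-holding context as-is with wiping it first, and uses volatile stores because a plain memset() immediately before free() can be optimized away.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cipher context holding key material; not libpurple's struct. */
struct demo_cipher_ctx { unsigned char key[32]; size_t key_len; };

/* Zero n bytes through a volatile pointer so the compiler cannot discard
 * the stores as dead writes when free() follows immediately. */
void demo_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

struct demo_cipher_ctx *demo_ctx_new(const unsigned char *key, size_t len) {
    struct demo_cipher_ctx *c = calloc(1, sizeof *c);
    if (!c || len > sizeof c->key) { free(c); return NULL; }
    memcpy(c->key, key, len);
    c->key_len = len;
    return c;
}

/* Before: the chunk goes back to the allocator with the key bytes intact. */
void demo_ctx_free_uncleared(struct demo_cipher_ctx *c) { free(c); }

/* After: wipe the whole structure, then free it. */
void demo_ctx_free_cleared(struct demo_cipher_ctx *c) {
    if (c) demo_wipe(c, sizeof *c);
    free(c);
}

/* Count non-zero bytes in a live buffer (used to check the wipe). */
size_t demo_nonzero(const void *p, size_t n) {
    const unsigned char *b = p; size_t count = 0;
    while (n--) count += (*b++ != 0);
    return count;
}

int main(void) {
    const unsigned char key[16] = "constructed-key"; /* constructed sample */
    struct demo_cipher_ctx *c = demo_ctx_new(key, sizeof key);
    if (!c) return 1;
    printf("live:  %zu non-zero bytes\n", demo_nonzero(c, sizeof *c));
    demo_wipe(c, sizeof *c);
    printf("wiped: %zu non-zero bytes\n", demo_nonzero(c, sizeof *c));
    demo_ctx_free_cleared(c);
}
```

Where the platform provides explicit_bzero() or memset_s(), either can take the place of the hand-written wipe loop.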
