Dette er en liste over sikkerheds annonceringer der er blevet frigivet for den aktuelle og stabile version af Frugalware
| Pakke: | pidgin |
| Dato: | 2008-08-31 |
| Sårbar version: | 2.4.3-1kalgan1 |
| Ikke-berørt version: | 2.4.3-1kalgan2 |
| Bug sporings post: | http://bugs.frugalware.org/task/3308 |
| CVEs: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3532 |
| Beskrivelse: | A security issue has been reported in Pidgin, which can be exploited by malicious people to conduct spoofing attacks. The problem is that the certificate presented by e.g. a Jabber server at the beginning of an SSL session is not verified. This can be exploited to spoof valid servers via a man-in-the-middle attack. Successful exploitation requires that Pidgin is configured to use the NSS plugin. |











