PublicDate: 2008-08-08 19:41:00 UTC
Candidate: CVE-2008-3532
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3532
 https://ubuntu.com/security/notices/USN-675-1
Description:
 The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL
 certificates, which makes it easier for remote attackers to trick a user
 into accepting an invalid server certificate for a spoofed service.
Ubuntu-Description:
Notes:
 mdeslaur> In dapper, nss is not compiled in
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434
 https://bugs.launchpad.net/bugs/251304
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_pidgin:
 other: http://developer.pidgin.im/ticket/6500
 upstream: http://developer.pidgin.im/viewmtn/revision/info/ad677f4ab3dcd31d42fe39edbb9e9207dcf93df6
 upstream: http://developer.pidgin.im/viewmtn/revision/info/3cbc74478c8df61d53804d0363dc936a3e0adeb7
upstream_pidgin: released (2.4.3-2)
dapper_pidgin: DNE
feisty_pidgin: DNE
gutsy_pidgin: released (1:2.2.1-1ubuntu4.3)
hardy_pidgin: released (1:2.4.1-1ubuntu2.2)
intrepid_pidgin: not-affected (1:2.5.2-0ubuntu1)
devel_pidgin: not-affected (1:2.5.2-0ubuntu1)

Patches_gaim:
upstream_gaim: released (2.4.3-2)
dapper_gaim: not-affected (1:1.5.0+1.5.1cvs20051015-1ubuntu10)
feisty_gaim: needed (reached end-of-life)
gutsy_gaim: DNE
hardy_gaim: DNE
intrepid_gaim: DNE
devel_gaim: DNE