independent-20110206-00

NOTE: This issue was not reported to a security reporting body.

Summary Cipher API information disclosure
Date 2011-02-06
Discovered By Julia Lawall
Fixed In Release 2.7.10

Description

It was discovered that libpurple versions prior to 2.7.10 do not properly clear certain data structures used in libpurple/cipher.c prior to freeing. An attacker could potentially extract partial information from memory regions freed by libpurple.

Mitigation

Proper structure clearing has been implemented.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site