NOTE: This issue was not reported to a security reporting body.
| Summary | Cipher API information disclosure |
|---|---|
| Date | 2011-02-06 |
| Discovered By | Julia Lawall |
| Fixed In Release | 2.7.10 |
It was discovered that libpurple versions prior to 2.7.10 do not properly clear
certain data structures used in libpurple/cipher.c prior to freeing. An
attacker could potentially extract partial information from memory regions freed
by libpurple.
Proper structure clearing has been implemented.