NOTE: This issue was not reported to a security reporting body.
|Summary||Cipher API information disclosure|
|Discovered By||Julia Lawall|
|Fixed In Release||2.7.10|
It was discovered that libpurple versions prior to 2.7.10 do not properly clear
certain data structures used in
libpurple/cipher.c prior to freeing. An
attacker could potentially extract partial information from memory regions freed
Proper structure clearing has been implemented.