pidgin/old.pidgin.im
Cleanup the phrasing from robbie's update
2019-05-27, Gary Kramlich
91a038356993
<?php
// Update these to match the current page.
$page['title'] = "Pidgin, libpurple, and finch security and vulnerabilities";
$page['section'] = "Security";
$page['description'] = "Security and vulnerability contact and process information for Pidgin and related projects.";
include($_SERVER['DOCUMENT_ROOT'] . "/../inc/header.inc");
include($_SERVER['DOCUMENT_ROOT'] . "/../inc/version.inc");
?>
<div id="content">
<div class="box_full">
<div id="main">
<h1>Pidgin Security</h1>
<p>Being a network client which interacts with untrusted users and servers, managing vulnerabilities and security response is important to the Pidgin project and to our users. We have established procedures for collecting security-related information, and for disclosing this information to the public.</p>
<p>Please see our comprehensive <a href="/news/security/">list of known and reported security advisories</a> for information on past vulnerabilities.</p>
<h2>Reporting a Security-related Issue</h2>
<p>If you believe you have discovered a security problem or vulnerability in Pidgin, libpurple, finch, or one of our related projects, please let us know by emailing <a href="mailto:security@pidgin.im">security@pidgin.im</a>.</p>
<p>In order to help us fix the problem as quickly as possible and with as little exposure to malicious intent to our users as can be managed, we ask that you give us a chance to fix the problem before you publish its existence or details in a public forum, and that you provide us with as much information as you can. In return, we will endeavor to respond to your concerns in a timely fashion. When reporting a security-related bug or a vulnerability, please provide us with as much of the information in the following list as possible. If you don't know what something is or how to provide it, that's OK, leave it out and tell us what you do know.</p>
<ul>
<li><p>A way to contact you or your organization.</p></li>
<li><p>The version of Pidgin, libpurple, finch, or other package in which the problem was discovered.</p></li>
<li><p>A concise description of the problem, including a summary of why you believe it is security-critical. This might be, for example, "Receipt of an invalid XMPP message containing the tag &lt;foo&gt; causes Pidgin to write data to an invalid memory location."</p></li>
<li><p>Steps to reproduce the problem, if known.</p></li>
<li><p>Any debugging information, including backtraces (see <a href="https://developer.pidgin.im/wiki/GetABacktrace">our instructions for obtaining a backtrace</a>), a debug log (the output of pidgin -d), etc.</p></li>
<li><p>Any proof of concept exploits, debugging tools, or other information you have and are willing to divulge.</p></li>
<li><p>The oldest and newest versions of our software affected by the bug <em>to the best of your knowledge</em>. If you don't know, that's fine — we'll try to find out.</p></li>
<li><p>Information on any security reports or vulnerability assessments you may have already made on the issue (preferably not yet public, as mentioned above).</p></li>
<li><p>Any proposed embargo dates, release schedules, etc. you or your organization may have established.</p></li>
</ul>
<h2>Receiving Security-related Reports</h2>
<p>We maintain a list of packagers and maintainers of Pidgin and related software which we notify of security vulnerabilities and their fixes prior to disclosure to the public. This allows packagers and distributors of our software to release patched or updated versions simultaneously with the public disclosure of known issues. We attempt to provide sufficient advance warning to this list that packages may be properly prepared before disclosure.</p>
<p>If you believe you should be on this list, please contact <a href="mailto:security@pidgin.im">security@pidgin.im</a> and let us know why.</p>
</div>
</div>
</div>
<?php
include($_SERVER['DOCUMENT_ROOT'] . "/../inc/footer.inc");
?>