Michael Gilbert wrote: > On Sat, 12 Dec 2009 16:05:55 -0800 Ludovico Cavedon wrote: >> Michael Gilbert wrote: >>> the following CVE (Common Vulnerabilities & Exposures) id was published >>> for libgadu. Centerim embeds libpurple, which embeds libgadu, so it is >>> affected. >> I am sure what stated above is correct. According to my investigation: >> -libpurble does not embded libgadu directly, but has its own >> implementation of the gadugadu protocol >> -centerim embeds libgadu directly >> >> Therefore this CVE does not apply to qutecom. > > based on [0], qutecom embeds the exact same code as libpurple, > so it is indeed affected. > > [0] http://source.debian.net/source/search?q=&defs=&refs=&path=libgadu.c&hist=
Yes, you are right, I missed the "lib" directory in "gg". However I realized that the version of libpurple internally compiled by qutecom is not including gadugadu support, but only jabber, msn, yahoo and oscar [1]. Thanks, Ludovico [1] http://source.debian.net/source/xref/main/q/qutecom/libs/3rdparty/libpurple/CMakeLists-unix.txt
signature.asc
Description: OpenPGP digital signature
