跨平臺即時聊天客戶端,Pidgin 2.10.10 發布了

jopen 10年前發布 | 5K 次閱讀 Pidgin

Pidgin是一個易于使用和免費的聊天客戶端,已經有上百萬人使用。可以在同一個客戶端連接至AIM, MSN, Yahoo等聊天網絡。
支持的聊天網絡:

  • AIM
  • Bonjour
  • Gadu-Gadu
  • Google Talk
  • Groupwise
  • ICQ
  • IRC
  • MSN
  • MXit
  • SILC
  • SIMPLE
  • Sametime
  • XMPP
  • Yahoo!
  • Zephyr
Pidgin 2.10.10
[Pidgin Logo] Download Now

2.10.10 for Windows
ChangeLog

  • General
    • Check the basic constraints extension when validating SSL/TLS certificates. This fixes a security hole that allowed a malicious man-in-the-middle to impersonate an IM server or any other https endpoint. This affected both the NSS and GnuTLS plugins. (Discovered by an anonymous person and Jacob Appelbaum of the Tor Project, with thanks to Moxie Marlinspike for first publishing about this type of vulnerability. Thanks to Kai Engert for guidance and for some of the NSS changes) (CVE-2014-3694)
    • Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL. (Elrond and Ashish Gupta) (#15909)
  • libpurple3 compatibility
    • Encrypted account passwords are preserved until the new one is set.
    • Fix loading Google Talk and 非死book XMPP accounts.
  • Windows-Specific Changes
    • Don't allow overwriting arbitrary files on the file system when the user installs a smiley theme via drag-and-drop. (Discovered by Yves Younan of Cisco Talos) (CVE-2014-3697)
    • Updates to dependencies
      • NSS 3.17.1 and NSPR 4.10.7
  • Finch
    • Fix build against Python 3. (Ed Catmur) (#15969)
  • Gadu-Gadu
    • Updated internal libgadu to version 1.12.0.
  • Groupwise
    • Fix potential remote crash parsing server message that indicates that a large amount of memory should be allocated. (Discovered by Yves Younan and Richard Johnson of Cisco Talos) (CVE-2014-3696)
  • IRC
    • Fix a possible leak of unencrypted data when using /me command with OTR. (Thijs Alkemade) (#15750)
  • MXit
    • Fix potential remote crash parsing a malformed emoticon response. (Discovered by Yves Younan and Richard Johnson of Cisco Talos) (CVE-2014-3695)
  • XMPP
    • Fix potential information leak where a malicious XMPP server and possibly even a malicious remote user could create a carefully crafted XMPP message that causes libpurple to send an XMPP message containing arbitrary memory. (Discovered and fixed by Thijs Alkemade and Paul Aurich) (CVE-2014-3698)
    • Fix 非死book XMPP roster quirks. (#15041, #15957)
  • Yahoo
    • Fix login when using the GnuTLS library for TLS connections. (#16172)
 本文由用戶 jopen 自行上傳分享,僅供網友學習交流。所有權歸原作者,若您的權利被侵害,請聯系管理員。
 轉載本站原創文章,請注明出處,并保留原始鏈接、圖片水印。
 本站是一個以用戶分享為主的開源技術平臺,歡迎各類分享!
  本文地址:http://www.baiduhome.net/news/view/1a2d070