Pidgin 2.7.4 secures open source IM
My favorite open source instant messaging (IM) client is getting an important update this week with the release of Pidgin 2.7.4.
As is the case with all Pidgin updates there is a long list bug fixes and with this update, at least one named security updates too.
Pidgin 2.7.4 provides a security fix for CVE-2010-3711 by properly validating return values from the
purple_base64_decode() function before using them, according to the release notes.
There are also a number of SSL related improvements. Pidgin now has added support for
Deutsche Telekom, Thawte Primary, and Go Daddy Class 2 root certificate authorities.
As well the release notes indicate that a sentence has been added to the certificate warning for expired certificates
suggesting the user check their computer's date and time.
One other interesting item of note that affect my own personal usage. Finally, Pidgin now recognized Google Chrome as a possible browser on non-Windows (i.e. Linux) systems. Why this took Pidgin developers so long, I don't know. I can only assume it's just an issue that hasn't been an issue because no one logged a bug about it before.