NOTE: This issue was not reported to a security reporting body.

Summary	Cipher API information disclosure
Date	2011-02-06
Discovered By	Julia Lawall
Fixed In Release	2.7.10

Description

It was discovered that libpurple versions prior to 2.7.10 do not properly clear certain data structures used in libpurple/cipher.c prior to freeing. An attacker could potentially extract partial information from memory regions freed by libpurple.

Mitigation

Proper structure clearing has been implemented.

Previous
MSN direct connection denial of service

Next
Remote denial of service in Yahoo protocol plugin