[libgadu-devel] How to Report a Security Bug in libgadu

2013-06-01 Thread Radhesh Krishnan K
Hi all, I would like to know how to report a security bug in libgadu. I don't see any option to report a bug here http://toxygen.net/libgadu/. http://toxygen.net/libgadu/ --. Regards, Radhesh Krishnan K. ___ libgadu-devel mailing list libgadu-devel

Re: [libgadu-devel] How to Report a Security Bug in libgadu

2013-06-02 Thread Radhesh Krishnan K
-devel mailing list libgadu-devel@lists.ziew.org http://lists.ziew.org/mailman/listinfo/libgadu-devel -- Regards, Radhesh Krishnan K. ___ libgadu-devel mailing list libgadu-devel@lists.ziew.org http://lists.ziew.org/mailman/listinfo/libgadu-devel

Re: [libgadu-devel] How to Report a Security Bug in libgadu

2013-06-04 Thread Radhesh Krishnan K
19:02 +0530, Radhesh Krishnan K pisze: I would like to report a security bug in libgadu. libgadu is using openSSL library for creating secure connections. (...) So the product using libgadu will be vulnerable to man-in-the-middle attack. It was rather a conscious decision. Since libgadu

Re: [libgadu-devel] How to Report a Security Bug in libgadu

2013-06-04 Thread Radhesh Krishnan K
Radhesh Krishnan K radheshkrishn...@gmail.com: Hi Wojtek, Sorry, I have a doubt. I would like to know how certificate validation is performed in the proprietary protocol and why something similar cannot be performed in this case? On Tue, Jun 4, 2013 at 4:41 AM, Wojtek Kaniewski

Re: [libgadu-devel] How to Report a Security Bug in libgadu

2013-06-07 Thread Radhesh Krishnan K
a obligatory check in case of GG_SSL_REQUIRED? This way users would be still able to use SSL (on their own risk) if the CA changed to something obscure. I think it makes sense. Regards, Wojtek -- Regards, Radhesh Krishnan K

Re: [libgadu-devel] How to Report a Security Bug in libgadu

2013-06-13 Thread Radhesh Krishnan K
, Radhesh Krishnan K. ___ libgadu-devel mailing list libgadu-devel@lists.ziew.org http://lists.ziew.org/mailman/listinfo/libgadu-devel

Re: [libgadu-devel] How to Report a Security Bug in libgadu

2013-09-19 Thread Radhesh Krishnan K
, Radhesh Krishnan K. ___ libgadu-devel mailing list libgadu-devel@lists.ziew.org http://lists.ziew.org/mailman/listinfo/libgadu-devel

Re: [libgadu-devel] How to Report a Security Bug in libgadu

2013-09-27 Thread Radhesh Krishnan K
Hi Wojtek, Thank you for your response. Could you request a CVE for this ? On Fri, Sep 27, 2013 at 2:21 AM, Wojtek Kaniewski wojte...@toxygen.netwrote: Dnia 2013-09-19, czw o godzinie 19:40 +0530, Radhesh Krishnan K pisze: I couldn't follow up with this for long time. Is this bug fixed