Bug 989989 (CVE-2016-1000030)

Summary: VUL-0: CVE-2016-1000030: pidgin: X.509 Certificates improperly imported
Product: [Novell Products] SUSE Security Incidents Reporter: Johannes Segitz <jsegitz>
Component: IncidentsAssignee: Felix Zhang <fezhang>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: fezhang, meissner, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/171084/
Whiteboard: CVSSv2:RedHat:CVE-2016-1000030:2.6:(AV:N/AC:H/Au:N/C:N/I:P/A:N) CVSSv2:SUSE:CVE-2016-1000030:4.0:(AV:N/AC:H/Au:N/C:P/I:P/A:N)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Comment 1 Felix Zhang 2016-07-21 12:46:43 UTC
vulnerability confirmed on SLE12 but not SLE11. Will work on it.
Comment 2 Felix Zhang 2016-07-21 12:50:20 UTC
(In reply to Felix Zhang from comment #1)
> vulnerability confirmed on SLE12 but not SLE11. Will work on it.

Correct to myself. The vulnerability is fixed in pidgin 2.11.0. Which has been pushed to SUSE:SLE-12-SP2:GA
Comment 3 Felix Zhang 2016-09-12 13:07:46 UTC
As in previous comment. SLE11 and SLE12SP2 are not affected.
Comment 4 Johannes Segitz 2018-06-11 11:42:00 UTC
(In reply to Felix Zhang from comment #3)
then we can close this, fixed in current products