Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pidgin Adds Google Talk Voice and Video Support (and a Vulnerability)

Posted by timothy on from the hey-sometimes-stuff-happens dept.

ottothecow writes "While various attempts at video and voice support have been in the pipeline since long before GAIM became Pidgin, fully functioning support over XMPP is on its way. Lifehacker reports that Pidgin 2.6 adds voice and video support for GChat (and presumably any other XMPP network) for Mac and Linux. Windows still has a few bugs but they are being worked on. Pidgin 2.6.1 is only available as source at the moment (but precompiled versions are available at getdeb)." Less happily, an anonymous reader writes "A remote arbitrary-code-execution vulnerability has been found in Libpurple (used by Pidgin and Adium instant messaging clients, among others), which can be triggered by a remote attacker by sending a specially crafted MSNSLP packet with invalid data to the client through the MSN server. No victim interaction is required, and the attacker is not required to be in the victim's buddy list (under default configuration)."

9 of 127 comments (clear)

  1. ummmm? by CRiMSON · · Score: 5, Informative

    2.6.1 is only available as source at the moment?

    http://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.1.exe

    So that's magic? If you install that do the terrorists win?

    --
    oogly boogly!
  2. Re:ouch by EvanED · · Score: 5, Interesting

    "Pidgin" is just a fancy word for the low-class broken English that most American blacks speak. Look it up if you don't believe me. So as far as I'm concerned, it never had any credibility in the first place.

    What? Way to project your own biases. "Pidgin" languages are any sort of conglomeration languages that develop when you have two peoples that don't have a common language who have to communicate.

    In fact, the "low-class broken English that most American blacks speak" (let's even ignore the glaring inaccuracy of that phrase) is really not a pidgin language at all.

  3. Re:ouch by Luke+has+no+name · · Score: 4, Insightful

    -1 for not backing up your statement on Pidgin's credibility.

    And good for you that all your contacts reside on GMail, and that you prefer a GMail's web app to a desktop app that centralizes the many forms of communication on the Net. If that works for you, fine. It does not work for me. I want faster response time, a unified UI for all my communication, more flexible message notification, logging, etc. that keeps me in control of my settings and data locally.

    cp -a /home/me/.purple/ /media/Backup/Pidgin/

    I have friends on AIM, Facebook, GMail, and one or two with their own XMPP address. Fortunately, I do not need MSN to contact anyone I know.

  4. 2.5.9 and 2.6.1 are different releases by Laven · · Score: 5, Informative

    2.5.9 and 2.6.0 were both released Tuesday, August 18th addressing this security issue (CVE-2009-2694). 2.5.9 is 2.5.8 with only CVE-2009-2694 addressed and an unrelated crash bug fix. 2.6.0 contains CVE-2009-2694 in addition to many other bug fixes and the new Voice and Video support.

    Unfortunately, another security issue was discovered with sending URL's over the Yahoo protocol and 2.6.1 was released on Wednesday, August 19th. According to the pidgin developers, 2.5.9 was not affected by separate bug.

    Note: The Voice and Video support in pidgin-2.6.1 is a bit fragile. You MUST have the latest version of farsight2 and the stack of libraries it requires. You may also need to open ports on your firewall to allow it to connect.

  5. Re:ouch by 93+Escort+Wagon · · Score: 4, Funny

    I don't need an IM application anyway; if I need to contact someone I just open Gmail.

    If I need to contact someone, I just yell really loud.

    --
    #DeleteChrome
  6. Re:How about some autoupdate? by RiotingPacifist · · Score: 4, Insightful

    Right if your running a vulnerable app, you should let it update itself, sigh!

    --
    IranAir Flight 655 never forget!
  7. Re:ouch by Anonymous Coward · · Score: 5, Funny

    It's like carbon credits.

    It is for people who support FSF and feel guilty for running a closed source OS. Instead of actually installing Linux, they offset their use of closed source by installing an open source application. It helps to reduce the guilt and increase "street credentials" among their fellow dwellers of cubicles.

    As an example I have Windows XP running Photoshop. In order to offset I looked up the FSF Source-Credits Guide Lines and Regulations Handbook (FSCGLRH) and found out:

    Windows XP +10 Source Credits
    Photoshop = +5 Source Credits

    Offsets I selected:
    Pidgin = -4 Source Credits
    OpenOffice = -5 Source Credits
    Gimp* = -3 Source Credits
    Amaya** = -3 Source Credits

    *I do not use Gimp, however by installing it, I offset my credits by 3. Thereby reducing my guilt by d6 with a +1 modifier.
    ** I commonly use FireFox, however, it provides only 0 credits, Amaya on the other hand offsets my credits by 3.

    I am happy to say that I am Source Credit Neutral as defined by FSCGLRH. I am even thinking about installing X-Chat 2 in order to sell my credits to offset other people.

  8. Blaming the wrong ones by Ilgaz · · Score: 3, Insightful

    First of all, to that security company. Good job really publicizing a vulnerability without checking with unpaid developers of a complete open source project. Also whatever junk you use to create the pages pages doesn't work with Opera 10 and I am too tired to fire up another browser.

    Second: Where are you "web 2.0" cool privacy killing instant messenger sites built on Pidgin libraries, where is your patch to the security vulnerability? Can't you spare some of the entrepreneur provided millions to hire some actual developers and fix the issues with the core you rely on?

    Third: How hard to assign couple of MSN, AOL, Yahoo developers to Pidgin project by respective companies and let them maintain their own mess which they call a "protocol"? It is not like 100s of millions of Win32 users will use a GTK2 client on their Windows while you already push your own with OS install right? I talk about 3 guys at most, who will at least oversee the protocol development.

    All we "open standards" loving nerds are running bunch of closed source, proprietary, low quality, badly engineered IM protocols and at end, people who are unpaid, overworked struggling to keep up with the junk above gets the blame... It is a huge shame really.

  9. Re:Mac Binaries by Ilgaz · · Score: 3, Funny

    You must be new to OS X open source&freeware development. After certain amount of downloads of open source applications, Apple gives you a special quantum encrypted key to next gen OS X (OS X 10.9) and its XCode codes the open source application itself, automatically! They also donate automatically to keep up with the code&hosting expenses.So, all left to OS X users is click "download now" and use it.

    Check your Junk Mail, key must be there.