That said, the vulnerabilities in "libpurple" were way over hyped by someone who rightfully got kicked out of the security community. Most of those vulnerabilities were in fact in protocol implementations that are plug-ins to libpurple and not libpurple itself. I know it's a technicality, but hearing this blatant lie get repeated for over a decade is exhausting.
That said, the vulnerabilities in "libpurple" were way over hyped by someone who rightfully got kicked out of the security community. Most of those vulnerabilities were in fact in protocol implementations that are plug-ins to libpurple and not libpurple itself. I know it's a technicality, but hearing this blatant lie get repeated for over a decade is exhausting.