Five vulnerabilities were patched in the most recent update to Pidgin, version 2.10.10. They include an SSL/TLS certificate validation issue that could be exploited in man-in-the-middle attacks. Three other vulnerabilities fixed in this release were reported by researchers from the Cisco Talos intelligence team. One of the vulnerabilities affected only the Windows version of the client and had to do with how the client handled smiley and theme packages, which are downloaded as Tape Archive (TAR) files from websites.
Source: https://threatpost.com/ssl-mitm-vulnerability-among-vulns-patched-in-pidgin/109263/

