>> It seems that this wrapper [1] and the corresponding 'default' file
>> [2] were introduced three years ago in pidgin-sipe 1.13.1-2.1, as
>> a way to make it slightly easier for users of to communicate with
>> Microsoft OCS/Lync servers that had not got the fixes for the BEAST
>> attack (CVE-2011-3389) yet. This workaround that apparently was meant
>> to be temporary [3]. My understanding is that Microsoft published the
>> fixes needed server-side on 2012-01-10 ([4], [5]). I would hope that
>> the server-side situation has evolved a bit in four years, wrt.
>> supporting BEAST fixes.
That wrapper was removed:
pidgin-sipe (1.23.0-2) unstable; urgency=medium
* Remove NSS_SSL_CBC_RANDOM_IV workaround (Closes: #882125).
- Diversion of /usr/bin/pidgin clashes with Pidgin AppArmor profile,
which is now enabled by default in Debian. The workaround was
introduced 5 years ago and Lync/SfB servers have since fixed the
SSL bug so it's reasonably safe to drop it from pidgin-sipe package.
⇒ I'll (somewhat artificially) close this bug with the version that's
currently in sid, to indicate that Stretch is still affected.
