Package: irssi-plugin-otr
Version: 0.3-1
Severity: important
Tags: security

The irssi otr plugin silently leaks unencrypted *on the record* information when you use the /me emote functionality of irssi. If you issue '/me hates leaking' in your client, you will not have any indication whatsoever that this emote was sent over an unencrypted communications channel, but it clearly is:

(03:48:27 PM) The following message received from mi...@entodaspartes.org was *not* encrypted: [/me hates leaking]

That is bad, it should not do that!

micah

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-vserver-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
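
A check for the leak reported above, as an added example that is not part of the original report or of the plugin's code: it scans the raw lines a client sent to the IRC server and flags any PRIVMSG to an OTR peer that is not OTR-encoded, which is how a /me emote (a CTCP ACTION on the wire) shows up. The nicks, the sample lines and the function name are constructed for illustration.

```python
import re

# Outgoing raw IRC line: "PRIVMSG <target> :<payload>"
PRIVMSG = re.compile(r"^PRIVMSG (\S+) :(.*)$")
CTCP_ACTION_PREFIX = "\x01ACTION "   # what /me puts on the wire
OTR_PREFIX = "?OTR"                  # every OTR-encoded message starts with this


def find_plaintext_leaks(sent_lines, otr_peers):
    """Return (target, kind, text) for each outgoing PRIVMSG addressed to a
    peer with an OTR session whose payload is not OTR-encoded."""
    peers = {p.lower() for p in otr_peers}
    leaks = []
    for line in sent_lines:
        m = PRIVMSG.match(line.rstrip("\r\n"))
        if not m:
            continue
        target, payload = m.groups()
        if target.lower() not in peers:
            continue            # no OTR session expected with this target
        if payload.startswith(OTR_PREFIX):
            continue            # encrypted, as it should be
        if payload.startswith(CTCP_ACTION_PREFIX):
            text = payload[len(CTCP_ACTION_PREFIX):].rstrip("\x01")
            leaks.append((target, "action", text))
        else:
            leaks.append((target, "message", payload))
    return leaks


# Constructed sample of lines sent by the client (not captured traffic).
SAMPLE_SENT = [
    "PRIVMSG alice :?OTR:constructed-ciphertext-placeholder.",
    "PRIVMSG alice :\x01ACTION hates leaking\x01",
    "PRIVMSG #debian :hello channel",
    "PRIVMSG bob :\x01ACTION waves\x01",
]

if __name__ == "__main__":
    for target, kind, text in find_plaintext_leaks(SAMPLE_SENT, {"alice"}):
        print(f"plaintext {kind} sent to OTR peer {target}: {text!r}")
```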