Bug#725731: RM: irssi-plugin-otr/0.3-2

2013-10-07 Thread Adam D. Barratt
Control: tags -1 + squeeze pending
Control: retitle -1 RM: irssi-plugin-otr -- RoM; security issues

On Mon, 2013-10-07 at 21:14 +0200, Antoine Beaupré wrote:
> The pre-1.0 versions of the OTR plugin are very broken for all software (xchat, irssi, etc) and are considered insecure as OTRv1 is su

Bug#725731: RM: irssi-plugin-otr/0.3-2

2013-10-07 Thread Antoine Beaupré
On 2013-10-07 15:55:26, intrigeri wrote:
> Hi,
>
> (Probably OT as far as the release team is concerned: it might be worth filing CVE's against the clients that still support v1 and v2. Antoine, do you want to ask the OTR developers what's their take on it?)

I wouldn't bother, personally. I

Bug#725731: RM: irssi-plugin-otr/0.3-2

2013-10-07 Thread intrigeri
Hi,

tl;dr: I support Antoine's proposal to drop from Squeeze and Wheezy any OTR client or plugin that supports both OTRv1 and OTRv2. I strongly doubt we're still shipping anything that supports v1 only, but it would be wise to check.

> OTRv1 is susceptible to downgrade attacks (if my memory is c

Bug#725731: RM: irssi-plugin-otr/0.3-2

2013-10-07 Thread Antoine Beaupré
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

The pre-1.0 versions of the OTR plugin are very broken for all software (xchat, irssi, etc) and are considered insecure as OTRv1 is susceptible to downgrade attacks (if my memory is correct). I