| Summary: | net-im/pidgin, x11-plugins/pidgin-otr: libpurple OTR information leakage (CVE-2012-1257) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Michael Harrison <n0idx80> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED WONTFIX | | |
| Severity: | minor | CC: | hasufell, kensington, net-im |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://census-labs.com/news/2012/02/25/libpurple-otr-info-leak/ | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | Runtime testing required: | --- | |

Description
Michael Harrison
2012-02-27 10:36:27 UTC
pidgin-otr upstream has released a new version fixing their issue.

(In reply to comment #1)
> pidgin-otr upstream has released a new version fixing their issue.

Please ignore my previous comment, this is for a different issue. Sorry for the noise.

Looks like nothing's being done upstream about this. I suggest changing status to upstream+.

@ Security: Please consider closing this bug, see https://bugzilla.redhat.com/show_bug.cgi?id=798279#c2

Per the referenced links this is a security enhancement vice a vulnerability. Pidgin uses DBus calls to notify the user of all received messages, but if using the OTR plugin the messages are not truly off the record. However, the messages are only sent and received within the user's DBus session.