[Bug 1266016] [NEW] Disable insecure OTRv1 protocol
Felix Geyer
debfx-pkg at fobos.de
Sat Jan 4 12:18:51 UTC 2014
*** This bug is a security vulnerability ***
Public security bug reported:
Up until version 3 libotr supports the insecure OTRv1 protocol which makes it vulnerable to downgrade attacks.
For more information see http://bugs.debian.org/725779
** Affects: libotr (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: libotr2 (Ubuntu)
Importance: Undecided
Status: Invalid
** Affects: libotr (Ubuntu Precise)
Importance: Undecided
Status: New
** Affects: libotr2 (Ubuntu Precise)
Importance: Undecided
Status: Invalid
** Affects: libotr (Ubuntu Raring)
Importance: Undecided
Status: Invalid
** Affects: libotr2 (Ubuntu Raring)
Importance: Undecided
Status: New
** Affects: libotr (Ubuntu Saucy)
Importance: Undecided
Status: Invalid
** Affects: libotr2 (Ubuntu Saucy)
Importance: Undecided
Status: New
** Affects: libotr (Debian)
Importance: Unknown
Status: Unknown
** Information type changed from Public to Public Security
** Bug watch added: Debian Bug tracker #725779
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725779
** Also affects: libotr (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725779
Importance: Unknown
Status: Unknown
** Also affects: libotr (Ubuntu Precise)
Importance: Undecided
Status: New
** Changed in: libotr (Ubuntu)
Status: New => Fix Released
** Also affects: libotr2 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: libotr (Ubuntu Raring)
Importance: Undecided
Status: New
** Also affects: libotr2 (Ubuntu Raring)
Importance: Undecided
Status: New
** Also affects: libotr (Ubuntu Saucy)
Importance: Undecided
Status: New
** Also affects: libotr2 (Ubuntu Saucy)
Importance: Undecided
Status: New
** Changed in: libotr2 (Ubuntu)
Status: New => Invalid
** Changed in: libotr2 (Ubuntu Precise)
Status: New => Invalid
** Changed in: libotr (Ubuntu Raring)
Status: New => Invalid
** Changed in: libotr (Ubuntu Saucy)
Status: New => Invalid
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to libotr2 in Ubuntu.
https://bugs.launchpad.net/bugs/1266016
Title:
Disable insecure OTRv1 protocol
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libotr/+bug/1266016/+subscriptions
More information about the kubuntu-bugs
mailing list