[Bug 1266016] [NEW] Disable insecure OTRv1 protocol

Felix Geyer debfx-pkg at fobos.de
Sat Jan 4 12:18:51 UTC 2014 

*** This bug is a security vulnerability ***

Public security bug reported:

Up until version 3 libotr supports the insecure OTRv1 protocol which makes it vulnerable to downgrade attacks.
For more information see http://bugs.debian.org/725779

** Affects: libotr (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: libotr2 (Ubuntu)
     Importance: Undecided
         Status: Invalid

** Affects: libotr (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: libotr2 (Ubuntu Precise)
     Importance: Undecided
         Status: Invalid

** Affects: libotr (Ubuntu Raring)
     Importance: Undecided
         Status: Invalid

** Affects: libotr2 (Ubuntu Raring)
     Importance: Undecided
         Status: New

** Affects: libotr (Ubuntu Saucy)
     Importance: Undecided
         Status: Invalid

** Affects: libotr2 (Ubuntu Saucy)
     Importance: Undecided
         Status: New

** Affects: libotr (Debian)
     Importance: Unknown
         Status: Unknown

** Information type changed from Public to Public Security

** Bug watch added: Debian Bug tracker #725779
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725779

** Also affects: libotr (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725779
   Importance: Unknown
       Status: Unknown

** Also affects: libotr (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Changed in: libotr (Ubuntu)
       Status: New => Fix Released

** Also affects: libotr2 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: libotr (Ubuntu Raring)
   Importance: Undecided
       Status: New

** Also affects: libotr2 (Ubuntu Raring)
   Importance: Undecided
       Status: New

** Also affects: libotr (Ubuntu Saucy)
   Importance: Undecided
       Status: New

** Also affects: libotr2 (Ubuntu Saucy)
   Importance: Undecided
       Status: New

** Changed in: libotr2 (Ubuntu)
       Status: New => Invalid

** Changed in: libotr2 (Ubuntu Precise)
       Status: New => Invalid

** Changed in: libotr (Ubuntu Raring)
       Status: New => Invalid

** Changed in: libotr (Ubuntu Saucy)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to libotr2 in Ubuntu.
https://bugs.launchpad.net/bugs/1266016

Title:
  Disable insecure OTRv1 protocol

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libotr/+bug/1266016/+subscriptions

More information about the kubuntu-bugs mailing list