Disable insecure OTRv1 protocol
Bug #1266016 reported by
Felix Geyer
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libotr (Debian) |
Fix Released
|
Unknown
|
|||
libotr (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Unassigned | ||
Raring |
Invalid
|
Undecided
|
Unassigned | ||
Saucy |
Invalid
|
Undecided
|
Unassigned | ||
libotr2 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Precise |
Invalid
|
Undecided
|
Unassigned | ||
Raring |
Fix Released
|
Undecided
|
Unassigned | ||
Saucy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Up until version 3 libotr supports the insecure OTRv1 protocol which makes it vulnerable to downgrade attacks.
For more information see http://
information type: | Public → Public Security |
Changed in libotr (Ubuntu): | |
status: | New → Fix Released |
Changed in libotr2 (Ubuntu): | |
status: | New → Invalid |
Changed in libotr2 (Ubuntu Precise): | |
status: | New → Invalid |
Changed in libotr (Ubuntu Raring): | |
status: | New → Invalid |
Changed in libotr (Ubuntu Saucy): | |
status: | New → Invalid |
Changed in libotr (Debian): | |
status: | Unknown → Fix Released |
To post a comment you must log in.
I've requested that libotr2 is removed from trusty so no need to fix it there: bug #1266014