-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/10/2013 07:46 PM, Jacob Appelbaum wrote: > Heya, > > There exists an information leak in Pidgin/Pidgin-OTR where Pidgin > doesn't allow Pidgin-OTR to encrypt a specific message before it is sent > to the network. Specifically on IRC networks, users who emote through > the use of a message such as `/me thinks this is a bug` - will leak the > full text of their /me command. > > This is annoying and it would be nice if Pidgin didn't treat /me > messages in this way. It appears that around the same time as learning > about this bug, I found a bug report with a fix for Pidgin itself. > > If there are any Pidgin/Pidgin-OTR users on this list who also use IRC > with Pidgin, it would be great to see if the following patch fixes the > behavior of /me on irc: > > https://developer.pidgin.im/ticket/15750 > > This could also be fixed inside of Pidgin-otr - though I think the right > place is inside of Pidgin itself. It would be useful if IRC using > Pidgin-OTR developers could test the patch attached to ticket 15750 on > the Pidgin bug tracker. > > Useful questions to answer: > > Does it solve the /me info leak for you? Does it cause any adverse > issues? Does it make sense to put this into Pidgin-OTR? > > All the best, > Jake >
I tested this patch a few weeks ago and it doesn't fix the current issue in IRC while being in an OTR conversation. Jurre - -- Give a man a fish and you feed him for a day; teach a man to fish and you feed him for life. http://jurrevanbergen.nl/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJSL165AAoJELc5KWfqgB0CAO8H/2wmUTBO2JcWc8fOU57h48/p +en2r0RpVm0e7oP/KLVIm5mOGRJKuQTPpNa3zzj1w93bCRyr7sjpzwHi2boE8w1o tay2w91QhBbMrETyCaE1ovGvDKDQRS4+YCcgW3uGFIqVHVfbp2nVa7PQe021987M wAVH0XhXzAkOmygf6G6il+YXkXwQpPZA8itspm/sYAJNFvo8wW1FQYFWhxajRJEN waIz4oiQYuRsXjW7K8XQJSl/X9FU1IgBQ0gCqpt1qNO7ztAyA5eQ8kO1WwktRm+T 0cXhK69MgGYbXmp+dulNFAzjIU9peuKPWk8iaJT0/y2lR8wKqUXZaMqmD4yLgL0= =A3Vv -----END PGP SIGNATURE----- _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
