Heya, There exists an information leak in Pidgin/Pidgin-OTR where Pidgin doesn't allow Pidgin-OTR to encrypt a specific message before it is sent to the network. Specifically on IRC networks, users who emote through the use of a message such as `/me thinks this is a bug` - will leak the full text of their /me command.
This is annoying and it would be nice if Pidgin didn't treat /me messages in this way. It appears that around the same time as learning about this bug, I found a bug report with a fix for Pidgin itself. If there are any Pidgin/Pidgin-OTR users on this list who also use IRC with Pidgin, it would be great to see if the following patch fixes the behavior of /me on irc: https://developer.pidgin.im/ticket/15750 This could also be fixed inside of Pidgin-otr - though I think the right place is inside of Pidgin itself. It would be useful if IRC using Pidgin-OTR developers could test the patch attached to ticket 15750 on the Pidgin bug tracker. Useful questions to answer: Does it solve the /me info leak for you? Does it cause any adverse issues? Does it make sense to put this into Pidgin-OTR? All the best, Jake _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
