*** This bug is a security vulnerability *** Public security bug reported:
Up until version 3 libotr supports the insecure OTRv1 protocol which makes it vulnerable to downgrade attacks. For more information see http://bugs.debian.org/725779 ** Affects: libotr (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: libotr2 (Ubuntu) Importance: Undecided Status: Invalid ** Affects: libotr (Ubuntu Precise) Importance: Undecided Status: New ** Affects: libotr2 (Ubuntu Precise) Importance: Undecided Status: Invalid ** Affects: libotr (Ubuntu Raring) Importance: Undecided Status: Invalid ** Affects: libotr2 (Ubuntu Raring) Importance: Undecided Status: New ** Affects: libotr (Ubuntu Saucy) Importance: Undecided Status: Invalid ** Affects: libotr2 (Ubuntu Saucy) Importance: Undecided Status: New ** Affects: libotr (Debian) Importance: Unknown Status: Unknown ** Information type changed from Public to Public Security ** Bug watch added: Debian Bug tracker #725779 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725779 ** Also affects: libotr (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725779 Importance: Unknown Status: Unknown ** Also affects: libotr (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: libotr (Ubuntu) Status: New => Fix Released ** Also affects: libotr2 (Ubuntu) Importance: Undecided Status: New ** Also affects: libotr (Ubuntu Raring) Importance: Undecided Status: New ** Also affects: libotr2 (Ubuntu Raring) Importance: Undecided Status: New ** Also affects: libotr (Ubuntu Saucy) Importance: Undecided Status: New ** Also affects: libotr2 (Ubuntu Saucy) Importance: Undecided Status: New ** Changed in: libotr2 (Ubuntu) Status: New => Invalid ** Changed in: libotr2 (Ubuntu Precise) Status: New => Invalid ** Changed in: libotr (Ubuntu Raring) Status: New => Invalid ** Changed in: libotr (Ubuntu Saucy) Status: New => Invalid -- You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to libotr2 in Ubuntu. https://bugs.launchpad.net/bugs/1266016 Title: Disable insecure OTRv1 protocol To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libotr/+bug/1266016/+subscriptions -- kubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
