-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/10/2013 08:02 PM, Jurre van Bergen wrote: > > On 09/10/2013 07:46 PM, Jacob Appelbaum wrote: > > Heya, > > > There exists an information leak in Pidgin/Pidgin-OTR where Pidgin > > doesn't allow Pidgin-OTR to encrypt a specific message before it is sent > > to the network. Specifically on IRC networks, users who emote through > > the use of a message such as `/me thinks this is a bug` - will leak the > > full text of their /me command. > > > This is annoying and it would be nice if Pidgin didn't treat /me > > messages in this way. It appears that around the same time as learning > > about this bug, I found a bug report with a fix for Pidgin itself. > > > If there are any Pidgin/Pidgin-OTR users on this list who also use IRC > > with Pidgin, it would be great to see if the following patch fixes the > > behavior of /me on irc: > > > https://developer.pidgin.im/ticket/15750 > > > This could also be fixed inside of Pidgin-otr - though I think the right > > place is inside of Pidgin itself. It would be useful if IRC using > > Pidgin-OTR developers could test the patch attached to ticket 15750 on > > the Pidgin bug tracker. > > > Useful questions to answer: > > > Does it solve the /me info leak for you? Does it cause any adverse > > issues? Does it make sense to put this into Pidgin-OTR? > > > All the best, > > Jake > > > I tested this patch a few weeks ago and it doesn't fix the current issue > in IRC while being in an OTR conversation. > > Jurre > A rectification is in place here, I reviewed a patch from Thijs back in July, the patch has changed now which I haven't reviewed yet.
Jurre - -- Give a man a fish and you feed him for a day; teach a man to fish and you feed him for life. Jabber: drw...@jabber.ccc.de Fingerprint: 79C9BECD 4841247F 7318BD12 8CFD6413 5476FE92 I like my email encrypted, please consider using my GPG key. http://jurrevanbergen.nl/jurre.asc My fingerprint is: 2976 FD1A 2ABE FB14 3907 58CE B739 2967 EA80 1D02 http://jurrevanbergen.nl/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJSL6r0AAoJELc5KWfqgB0CQbgH/ie6cFlWAyoxqGHFYa4L0e7N MnEqsV5KsLYSqIn8LUfBYVwl9zCJ7KEfLkV4MwAkDrPOYQH4CA9DiWqo5N/ykXfO wzenk2vwiRNP6SgSyG2NBmompg0OOwFDhGzuvvVwhOOBgW4gKZTIHBeGlV72jIvY 2Hj4J8UNoUVCqwfv1jgPOT5u/yHzedNYxPyieG8nJOyIoU1A8ShqDFTCz/sjSiNu +/yADolm8j7CsXEzDXetuqDQ3GABXsrtVhSpRYYWUu3BGT3tM/7dPHP4NcG23PLz XkISS2ekALbk1u1XvTzTAUUPgLUbc8knHiRMdZoaZXEMvhYOyw2pbopYh1rPip4= =iLNL -----END PGP SIGNATURE-----
_______________________________________________ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
