Feature #5992
Better Pidgin OTR security
Start date: 2013-09-30
Due date:
% Done: 100%
Description
We need to only allow OTR protocol v2 and later, to circumvent the protocol version negotiation attack described in Finite-State Security Analysis of OTR Version 2 … until the protocol + libotr themselves are fixed.
This is fixed in 4.0.0 beta 1 (commit 7ffba65f).
Let’s wait for Tails to be based on Wheezy, as the bug will be fixed through a Wheezy point-release in libotr 3.2.1-1+deb7u1 (Debian bug 725779).
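The following added example (not Tails or libotr code) shows what a "v2 and later only" policy means when an OTR query message is processed: a v1-only offer results in no OTR session instead of a fallback to v1. The `ALLOW_*` bits and function names are hypothetical; the query forms (`?OTR?`, `?OTRv2?`, `?OTR?v2?`) follow the OTR protocol specification, and the sample messages are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical policy bits for this example: one "allow" bit per version. */
#define ALLOW_V1 0x01u
#define ALLOW_V2 0x02u
#define ALLOW_V3 0x04u

/* Parse an OTR query message into a bitmask of offered versions.
 * "?OTR?" offers v1, "?OTRv<digits>?" lists later versions,
 * and "?OTR?v2?" offers both v1 and v2. */
static unsigned offered_versions(const char *msg)
{
    unsigned offered = 0;
    const char *p = strstr(msg, "?OTR");
    if (p == NULL)
        return 0;
    p += 4;
    if (*p == '?') {            /* bare "?" after the tag: version 1 */
        offered |= ALLOW_V1;
        p++;
    }
    if (*p == 'v') {
        const char *end = strchr(p, '?');
        if (end == NULL)
            return offered;     /* unterminated version list: ignore it */
        for (p++; p < end; p++) {
            if (*p == '2') offered |= ALLOW_V2;
            if (*p == '3') offered |= ALLOW_V3;
        }
    }
    return offered;
}

/* Highest version both offered and allowed; 0 means refuse to start OTR. */
static int select_version(const char *msg, unsigned policy)
{
    unsigned common = offered_versions(msg) & policy;
    if (common & ALLOW_V3) return 3;
    if (common & ALLOW_V2) return 2;
    if (common & ALLOW_V1) return 1;
    return 0;
}

int main(void)
{
    const char *samples[] = { "?OTR?", "?OTR?v2?", "?OTRv23?" }; /* constructed */
    for (size_t i = 0; i < 3; i++)
        printf("%-10s permissive=%d v2+only=%d\n", samples[i],
               select_version(samples[i], ALLOW_V1 | ALLOW_V2 | ALLOW_V3),
               select_version(samples[i], ALLOW_V2 | ALLOW_V3));
    return 0;
}
```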
Subtasks
Feature #6328: Backport libotr 4.x for Wheezy | Rejected | | 0 |
Feature #6329: Backport pidgin-otr 4.x for Wheezy | Rejected | | 0 |
Feature #6548: Wait for libotr 3.2.1-1+deb7u1 to reach Wheezy | Resolved | intrigeri | 100 |
History
#1 Updated by intrigeri 2013-07-19 06:46:24
- Subject changed from better pidgin otr security to better Pidgin OTR security
- Type of work changed from Wait to Code
#2 Updated by intrigeri 2013-09-11 13:05:54
- Starter set to No
#3 Updated by intrigeri 2013-12-29 04:38:01
- Subject changed from better Pidgin OTR security to Better Pidgin OTR security
#4 Updated by intrigeri 2013-12-29 04:38:29
- Assignee set to intrigeri
#5 Updated by intrigeri 2014-02-09 03:07:51
- Status changed from Confirmed to Fix committed
Now resolved in our feature/wheezy branch.
#6 Updated by intrigeri 2014-02-09 03:08:10
- Assignee deleted (intrigeri)
- Target version set to Tails_1.1
#7 Updated by intrigeri 2014-02-23 01:17:53
- Status changed from Fix committed to Resolved