[pkg-otr-team] Bug#806238: irssi-plugin-otr: sending /me actions via xmpp while using OTR fails to encrypt them
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Nov 25 17:15:55 UTC 2015
Package: irssi-plugin-otr
Version: 1.0.0-1+b2
Severity: normal
Control: affects -1 irssi-plugin-xmpp
I've got irssi-plugin-xmpp version 0.52+git20140102-3
In text-based chat, I'm in the habit of saying things like this during
a conversation:
/me looks in his notes.
In IRC, most clients render it as something like "* dkg looks in his notes"
An XMPP correspondent (with whom i use OTR exclusively) just let me
know that her client just told her it shows up like this:
The following message was not encrypted:
/me looks in his notes.
So something about the interaction between the irssi xmpp plugin and
the irssi otr plugin makes it so this common "/me" use pattern is
leaks information that one would expect to be encrypted.
--dkg
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.3.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages irssi-plugin-otr depends on:
ii irssi 0.8.17-1+b1
ii libc6 2.19-22
ii libgcrypt20 1.6.4-3
ii libotr5 4.1.0-2
irssi-plugin-otr recommends no packages.
irssi-plugin-otr suggests no packages.
-- debconf-show failed
More information about the Pkg-otr-team
mailing list