User: Password:
Subscribe / Log in / New account

libotr: information disclosure

Package(s):libotr CVE #(s):
Created:January 31, 2014 Updated:February 5, 2014

From the Debian bug report:

It's been known [1] since 2006 that clients supporting both OTRv1 and v2 (such as libotr 3.x) are subject to protocol downgrade attacks clients. It's also been known for a while that OTRv1 has serious security issues (that were the main reason for a v2, actually). In short, support v2 only is the only safe way to go these days.

Ubuntu USN-2091-1 libotr 2014-01-30

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds