[Pidgin] #15295: Pidgin leaks pidgin & libpurple version number & time data.
Pidgin
trac at pidgin.im
Thu Sep 20 20:47:18 EDT 2012
#15295: Pidgin leaks pidgin & libpurple version number & time data.
---------------------------------+-----------------------
Reporter: malaparte | Owner: EionRobb
Type: plugin request | Status: new
Milestone: | Component: privacy
Version: 2.10.6 | Resolution:
Keywords: security, libpurple |
---------------------------------+-----------------------
Changes (by bleeter):
* cc: deryni, eionnrobb (added)
* owner: bleeter => EionRobb
* type: defect => plugin request
Comment:
NAME and VERSION are Draft REQUIREments.
http://xmpp.org/extensions/xep-0092.html
<name/> -- The natural-language name of the software. This element is
REQUIRED in a result.
<version/> -- The specific version of the software. This element is
REQUIRED in a result.
Not too keen on 'breaking' existing behaviour, despite it only being a
draft.
At EionRobb's prompting, converting to plugin request and he's going to
bang something together so people can craft their own responses to the
version request. Have cc'd deryni in case he feels like adding any 2c's.
I'm not convinced 'leaking' iq:last is a problem. If OP feels as such,
please open a new ticket.
Given this would appear to be part of the spec (yes, although draft), I'm
guessing it may be a problem for other XMPP clients too.
--
Ticket URL: <https://developer.pidgin.im/ticket/15295#comment:4>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list