[Pidgin] #15295: Pidgin leaks pidgin & libpurple version number & time data.

Pidgin trac at pidgin.im
Thu Sep 20 20:47:18 EDT 2012


#15295: Pidgin leaks pidgin & libpurple version number & time data.
---------------------------------+-----------------------
 Reporter:  malaparte            |       Owner:  EionRobb
     Type:  plugin request       |      Status:  new
Milestone:                       |   Component:  privacy
  Version:  2.10.6               |  Resolution:
 Keywords:  security, libpurple  |
---------------------------------+-----------------------
Changes (by bleeter):

 * cc: deryni, eionnrobb (added)
 * owner:  bleeter => EionRobb
 * type:  defect => plugin request


Comment:

 NAME and VERSION are Draft REQUIREments.

 http://xmpp.org/extensions/xep-0092.html

 <name/> -- The natural-language name of the software. This element is
 REQUIRED in a result.
 <version/> -- The specific version of the software. This element is
 REQUIRED in a result.

 Not too keen on 'breaking' existing behaviour, despite it only being a
 draft.

 At EionRobb's prompting, converting to plugin request and he's going to
 bang something together so people can craft their own responses to the
 version request. Have cc'd deryni in case he feels like adding any 2c's.

 I'm not convinced 'leaking' iq:last is a problem. If OP feels as such,
 please open a new ticket.

 Given this would appear to be part of the spec (yes, although draft), I'm
 guessing it may be a problem for other XMPP clients too.

-- 
Ticket URL: <https://developer.pidgin.im/ticket/15295#comment:4>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list