[Pidgin] #15295: Pidgin leaks pidgin & libpurple version number & time data.
Pidgin
trac at pidgin.im
Fri Sep 21 05:29:03 EDT 2012
#15295: Pidgin leaks pidgin & libpurple version number & time data.
---------------------------------+-----------------------
Reporter: malaparte | Owner: EionRobb
Type: plugin request | Status: new
Milestone: | Component: privacy
Version: 2.10.6 | Resolution:
Keywords: security, libpurple |
---------------------------------+-----------------------
Comment (by ioerror):
Considering the poor state of security in clients written in C, I think it
is harmful to be compliant with the draft spec. Ironically, the specific
version would likely be the hg tag for the released code and that isn't in
the <version/> tag, right?
If it has to be a plugin, users are by default still at risk. The fact
that libpurple uses easy to fingeprint identifiers only makes a plugin
masking things sorta pointless - a lot of systemic cleanup is required for
actual concealment.
--
Ticket URL: <https://developer.pidgin.im/ticket/15295#comment:5>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list