[Pidgin] #15295: Pidgin leaks pidgin & libpurple version number & time data.
Pidgin
trac at pidgin.im
Tue Mar 19 02:11:18 EDT 2013
#15295: Pidgin leaks pidgin & libpurple version number & time data.
---------------------------------+-----------------------
Reporter: malaparte | Owner: EionRobb
Type: plugin request | Status: new
Milestone: | Component: privacy
Version: 2.10.6 | Resolution:
Keywords: security, libpurple |
---------------------------------+-----------------------
Comment (by MarkDoliner):
Question: Do we think there is real potential for people to be harmed by
this? What I'm thinking is, if an attacker doesn't know the victim's IM
client or version or build info then the attacker will just try every
attack possible, and so leaking the client version/build info is moot.
Am I wrong?
If we decide that it really is a bad idea to leak version/build info then
I have no problems violating the XEP (and of course we would bring the
issue up with the XEP authors and reviewers).
--
Ticket URL: <https://developer.pidgin.im/ticket/15295#comment:7>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list