[Pkg-privacy-maintainers] Bug#854773: hexchat-otr: /ME messages sent without OTR

Joonas Kylmälä joonas.kylmala at iki.fi
Fri Feb 10 08:20:22 UTC 2017


Package: hexchat-otr
Version: 0.2.1-3
Severity: normal

Dear Maintainer,

I was using the hexchat OTR plugin. After connecting with a person via
OTR the messages were sent encrypted just fine but then I decided to
use IRC's /ME command and send a message with that and the message was
not encrypted with OTR. There was no warning that the message
would have been sent unencrypted and some confidential information
could have leaked. If it is not possible to encrypt /ME messages with
OTR maybe there is a possibility to give a warning to the user before
sending the message?

Regards,
Joonas Kylmälä


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages hexchat-otr depends on:
ii  hexchat       2.12.4-1
ii  libc6         2.24-8
ii  libgcrypt20   1.7.5-3
ii  libglib2.0-0  2.50.2-2
ii  libotr5       4.1.1-2

hexchat-otr recommends no packages.

hexchat-otr suggests no packages.

-- no debconf information

