[Pkg-privacy-maintainers] Bug#854773: hexchat-otr: /ME messages sent without OTR

Joonas Kylmälä joonas.kylmala at iki.fi
Fri Feb 10 08:20:22 UTC 2017

Package: hexchat-otr
Version: 0.2.1-3
Severity: normal

Dear Maintainer,

I was using the hexchat OTR plugin. After connected with a person via
OTR the messages were sent encrypted just fine but then I decided to
use IRC's /ME command and send a message with that and the message was
not encrypted with OTR. There was no warning about that the message
would have been sent unecrypted and some confidential information
could have leaked. If it is not possible to encrypt /ME messages with
OTR maybe there is possibility to give a warning to the user before
sending the message?

Joonas Kylmälä

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages hexchat-otr depends on:
ii  hexchat       2.12.4-1
ii  libc6         2.24-8
ii  libgcrypt20   1.7.5-3
ii  libglib2.0-0  2.50.2-2
ii  libotr5       4.1.1-2

hexchat-otr recommends no packages.

hexchat-otr suggests no packages.

-- no debconf information

More information about the Pkg-privacy-maintainers mailing list