Better Pidgin OTR security
Originally created by Tails on #5992 (Redmine)
We need to only allow OTR protocol v2 and later, to circumvent the protocol version negotiation attack described in Finite-State Security Analysis of OTR Version 2 … until the protocol + libotr themselves are fixed.
This is fixed in 4.0.0 beta 1 (commit 7ffba65f).
Let’s wait for Tails to be based on Wheezy, as the bug will be fixed through a Wheezy point-release in libotr 3.2.1-1+deb7u1 (Debian bug 725779).
Edited by import-from-Redmine