FS#68766 - OMEMO Security problem in libpurple-lurch and libomemo: 12-byte IVs patch is missing
Attached to Project:
Community Packages
Opened by Neustradamus (Neustradamus) - Saturday, 28 November 2020, 07:17 GMT
Last edited by freswa (frederik) - Saturday, 28 November 2020, 15:46 GMT
Details
Dear all,
Can you look at the big problem with "libpurple-lurch" and "libomemo"?
Links:
- https://www.archlinux.org/packages/community/x86_64/libpurple-lurch/
- https://aur.archlinux.org/packages/libomemo/
First, maybe it would be good to have everything in the same place, no?
Very important security point: There is a compatibility problem with all OMEMO clients (E2E).
Can you quickly solve the needed libomemo with the missing 12-byte IVs patch?
- https://github.com/gkdr/libomemo/pull/27
Explanation:
- https://github.com/gkdr/libomemo/issues/24
Already solved in Alpine / Debian / AUR (but better to have it directly in Community, no?)
Note that there are a lot of OSes based on Arch Linux.
Thanks in advance.
Regards,
Neustradamus
Closed by freswa (frederik)
Saturday, 28 November 2020, 15:46 GMT
Reason for closing: Won't implement
Additional comments about closing: This is security related, but not a vulnerability. The mentioned patch would make compatibility even worse.
https://github.com/gkdr/libomemo/issues/24#issuecomment-735245388