Each Linux distribution has a very limited set of possible kernel versions. It is nearly trivial to guess at someone's kernel version. Also, "4. Authorize the attacker from the victim client." requires the victim do some work to help the attacker. :)
I would, however, consider it a "bug" to not be able to disable this information in pidgin (e.g. gajim allows you to set privacy flags), but I don't find this to be a significant "information disclosure". ** This bug is no longer flagged as a security issue -- Jabber: Client and OS version visible to authorized buddies https://bugs.launchpad.net/bugs/128159 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
