It has always been vulnerable to MITM attacks when it is not used with DNSSEC,
and has been removed from XEP-0156 because of that. We have been issued
CVE-2022-26491 for this issue.
More discussion can be found at
https://mail.jabber.org/pipermail/standards/2022-February/038759.html.
Testing Done:
Compiled
Reviewed at https://reviews.imfreedom.org/r/1357/
#!/usr/bin/env perl
#
# check_po.pl - check po file translations for likely errors
#
# Written by David W. Pfitzner dwp@mso.anu.edu.au
# This script is hereby placed in the Public Domain.
#
# Various checks on po file translations:
# - printf-style format strings;
# - differences in trailing newlines;
# - empty (non-fuzzy) msgid;
# - likely whitespace errors on joining multi-line entries
# Ignores all fuzzy entries.
#
# Options:
# -x Don't do standard checks above (eg, just check one of below).
# -n Check newlines within strings; ie, that have equal numbers
# of newlines in msgstr and msgid. (Optional because this may
# happen legitimately.)
# -w Check leading whitespace. Sometimes whitespace is simply
# spacing (eg, for widget labels etc), or punctuation differences,
# so this may be ok.
# -W Check trailing whitespace. See -w above.
# -p Check trailing punctuation.
# -c Check capitalization of first non-whitespace character
# (only if [a-zA-Z]).
# -e Check on empty (c.q. new) msgstr
#
# Reads stdin (or filename args, via <>), writes any problems to stdout.
#
# Modified by Davide Pagnin nightmare@freeciv.it to support plural forms
#
# Version: 0.41 (2002-06-06)
# TODO: This script needs to be able to handle Farsi's %Id flag for
# number format specifiers. More information on how it works, see