Created attachment 167964 [details]
As there seems to be no update for the 3.x branch of libotr to mitigate CVE-2016-2851 it would be nice to switch to libotr 4.x .
The attached patch changes the libotr dependency to use securtiy/libotr.
A commit references this bug:
Date: Thu Mar 10 14:12:07 UTC 2016
New revision: 410752
Switch to libotr instead of libotr3
Submitted by: Sascha Holzleiter