group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #01459
[Bug 1565000] Re: xchat-gnome doesn't validate ssl hostnames
This bug was fixed in the package xchat-gnome -
1:0.30.0~git20131003.d20b8d+really20110821-0.2ubuntu12.2
---------------
xchat-gnome (1:0.30.0~git20131003.d20b8d+really20110821-0.2ubuntu12.2) trusty-security; urgency=medium
* SECURITY UPDATE: no ssl hostname verification (LP: #1565000)
- debian/patches/validate_ssl_hostnames.patch: properly validate
hostnames in src/common/server.c, src/common/ssl.c, src/common/ssl.h.
- CVE number pending
* SECURITY UPDATE: missing ssl certificate handled incorrectly
- debian/patches/handle_missing_ssl_cert.patch: fail connection if
certificate isn't found in src/common/server.c.
- No CVE number
-- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx> Fri, 01 Apr 2016
13:43:49 -0400
** Changed in: xchat-gnome (Ubuntu Trusty)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1565000
Title:
xchat-gnome doesn't validate ssl hostnames
Status in hexchat package in Ubuntu:
Fix Released
Status in xchat package in Ubuntu:
Invalid
Status in xchat-gnome package in Ubuntu:
Fix Released
Status in hexchat source package in Precise:
Invalid
Status in xchat source package in Precise:
Confirmed
Status in xchat-gnome source package in Precise:
Confirmed
Status in hexchat source package in Trusty:
Fix Released
Status in xchat source package in Trusty:
Confirmed
Status in xchat-gnome source package in Trusty:
Fix Released
Status in hexchat source package in Wily:
Fix Released
Status in xchat source package in Wily:
Confirmed
Status in xchat-gnome source package in Wily:
Confirmed
Status in hexchat source package in Xenial:
Fix Released
Status in xchat source package in Xenial:
Invalid
Status in xchat-gnome source package in Xenial:
Fix Released
Bug description:
http://www.openwall.com/lists/oss-security/2015/01/29/23
XChat did not verify that the server hostname matched the domain name in
the subject's Common Name (CN) or subjectAltName field in X.509
certificates. This could allow a man-in-the-middle attacker to spoof an
SSL server if they had a certificate that was valid for any domain name.
Also applied to hexchat and xchat-gnome.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/hexchat/+bug/1565000/+subscriptions