group.of.nepali.translators team mailing list archive

[Steve Langasek <1565000@xxxxxxxxxxxxxxxxxx>]

The Precise Pangolin has reached end of life, so this bug will not be
fixed for that release

** Changed in: xchat (Ubuntu Precise)
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1565000

Title:
  [CVE-2013-7449] xchat and derivatives don't validate ssl hostnames

Status in hexchat package in Ubuntu:
  Fix Released
Status in xchat-gnome package in Ubuntu:
  Fix Released
Status in xchat source package in Precise:
  Won't Fix
Status in xchat-gnome source package in Precise:
  Fix Released
Status in hexchat source package in Trusty:
  Fix Released
Status in xchat source package in Trusty:
  Confirmed
Status in xchat-gnome source package in Trusty:
  Fix Released
Status in hexchat source package in Wily:
  Fix Released
Status in xchat source package in Wily:
  Confirmed
Status in xchat-gnome source package in Wily:
  Fix Released
Status in hexchat source package in Xenial:
  Fix Released
Status in xchat-gnome source package in Xenial:
  Fix Released

Bug description:
  http://www.openwall.com/lists/oss-security/2015/01/29/23

  XChat did not verify that the server hostname matched the domain name in 
  the subject's Common Name (CN) or subjectAltName field in X.509 
  certificates. This could allow a man-in-the-middle attacker to spoof an 
  SSL server if they had a certificate that was valid for any domain name.

  Also applied to hexchat and xchat-gnome.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/hexchat/+bug/1565000/+subscriptions