Parent Directory
| 
Revision Log
Add advisory for bug 10432
| 1 | boklm | 26 | type: security |
| 2 | subject: Updated telepathy-gabble package fixes security vulnerability | ||
| 3 | CVE: | ||
| 4 | - CVE-2013-1431 | ||
| 5 | src: | ||
| 6 | 2: | ||
| 7 | core: | ||
| 8 | - telepathy-gabble-0.16.6-1.mga2 | ||
| 9 | 3: | ||
| 10 | core: | ||
| 11 | - telepathy-gabble-0.17.4-1.mga3 | ||
| 12 | description: | | ||
| 13 | Maksim Otstavnov discovered that the Wocky submodule used by | ||
| 14 | telepathy-gabble does not respect the tls-required flag on legacy | ||
| 15 | Jabber servers. A network intermediary could use this vulnerability to | ||
| 16 | bypass TLS verification and perform a man-in-the-middle attack. | ||
| 17 | references: | ||
| 18 | - https://bugs.mageia.org/show_bug.cgi?id=10432 | ||
| 19 | - http://www.debian.org/security/2013/dsa-2702 | ||
| 20 | - http://lists.freedesktop.org/archives/telepathy/2013-May/006450.html | ||
| 21 | - http://lists.freedesktop.org/archives/telepathy/2013-May/006449.html |
| ViewVC Help | |
| Powered by ViewVC 1.1.30 |