Parent Directory | Revision Log
MGASA-2013-0170
1 | type: security |
2 | subject: Updated telepathy-gabble package fixes security vulnerability |
3 | CVE: |
4 | - CVE-2013-1431 |
5 | src: |
6 | 2: |
7 | core: |
8 | - telepathy-gabble-0.16.6-1.mga2 |
9 | 3: |
10 | core: |
11 | - telepathy-gabble-0.17.4-1.mga3 |
12 | description: | |
13 | Maksim Otstavnov discovered that the Wocky submodule used by |
14 | telepathy-gabble does not respect the tls-required flag on legacy |
15 | Jabber servers. A network intermediary could use this vulnerability to |
16 | bypass TLS verification and perform a man-in-the-middle attack. |
17 | references: |
18 | - https://bugs.mageia.org/show_bug.cgi?id=10432 |
19 | - http://www.debian.org/security/2013/dsa-2702 |
20 | - http://lists.freedesktop.org/archives/telepathy/2013-May/006450.html |
21 | - http://lists.freedesktop.org/archives/telepathy/2013-May/006449.html |
22 | ID: MGASA-2013-0170 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |