[Pkg-telepathy-maintainers] Bug#706094: telepathy-idle: does not verify TLS certificates properly

Salvatore Bonaccorso carnil at debian.org
Mon Apr 29 20:14:43 UTC 2013


Control: retitle 706094 telepathy-idle: CVE-2013-2025: does not verify TLS certificates
Control: user debian-security at lists.debian.org
Control: usertags 706094 + tracked

Hi

On Wed, Apr 24, 2013 at 04:25:46PM +0100, Simon McVittie wrote:
> Package: telepathy-idle
> Version: 0.1.6-1
> Severity: important
> Tags: upstream
> 
> telepathy-idle < 0.1.15 does not verify that the server's TLS certificate was
> issued by a trusted CA, or that it hasn't expired, or that it matches the
> server's hostname.
> 
> Additionally, telepathy-idle < 0.1.11 does not do any verification at all.

CVE assigned for this: CVE-2013-2025

Regards,
Salvatore


