[Pkg-telepathy-maintainers] Bug#706094: telepathy-idle: does not verify TLS certificates properly
Salvatore Bonaccorso
carnil at debian.org
Mon Apr 29 20:14:43 UTC 2013
Control: retitle 706094 telepathy-idle: CVE-2013-2025: does not verify TLS certificates
Control: user debian-security at lists.debian.org
Control: usertags 706094 + tracked
Hi
On Wed, Apr 24, 2013 at 04:25:46PM +0100, Simon McVittie wrote:
> Package: telepathy-idle
> Version: 0.1.6-1
> Severity: important
> Tags: upstream
>
> telepathy-idle < 0.1.15 does not verify that the server's TLS certificate was
> issued by a trusted CA, or that it hasn't expired, or that it matches the
> server's hostname.
>
> Additionally, telepathy-idle < 0.1.11 does not do any verification at all.
CVE assigned for this: CVE-2013-2025
Regards,
Salvatore