Control: retitle 706094 telepathy-idle: CVE-2013-2025: does not verify TLS certificates Control: user [email protected] Control: usertags 706094 + tracked
Hi On Wed, Apr 24, 2013 at 04:25:46PM +0100, Simon McVittie wrote: > Package: telepathy-idle > Version: 0.1.6-1 > Severity: important > Tags: upstream > > telepathy-idle < 0.1.15 does not verify that the server's TLS certificate was > issued by a trusted CA, or that it hasn't expired, or that it matches the > server's hostname. > > Additionally, telepathy-idle < 0.1.11 does not do any verification at all. CVE assigned for this: CVE-2013-2025 Regards, Salvatore -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
