https://github.com/hexchat/hexchat/issues/524
https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d
https://bugzilla.redhat.com/show_bug.cgi?id=1081839
** Also affects: xchat (Ubuntu Wily)
Importance: Undecided
Status: New
** Also affects: xchat-gnome (Ubuntu Wily)
Importance: Undecided
Status: New
** Also affects: hexchat (Ubuntu Wily)
Importance: Undecided
Status: New
** Also affects: xchat (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: xchat-gnome (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: hexchat (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: xchat (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: xchat-gnome (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: hexchat (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: xchat (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: xchat-gnome (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: hexchat (Ubuntu Trusty)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xchat-gnome in Ubuntu.
https://bugs.launchpad.net/bugs/1565000
Title:
xchat-gnome doesn't validate ssl hostnames
Status in hexchat package in Ubuntu:
New
Status in xchat package in Ubuntu:
Invalid
Status in xchat-gnome package in Ubuntu:
New
Status in hexchat source package in Precise:
New
Status in xchat source package in Precise:
New
Status in xchat-gnome source package in Precise:
Confirmed
Status in hexchat source package in Trusty:
New
Status in xchat source package in Trusty:
New
Status in xchat-gnome source package in Trusty:
New
Status in hexchat source package in Wily:
New
Status in xchat source package in Wily:
New
Status in xchat-gnome source package in Wily:
New
Status in hexchat source package in Xenial:
New
Status in xchat source package in Xenial:
Invalid
Status in xchat-gnome source package in Xenial:
New
Bug description:
http://www.openwall.com/lists/oss-security/2015/01/29/23
XChat did not verify that the server hostname matched the domain name in
the subject's Common Name (CN) or subjectAltName field in X.509
certificates. This could allow a man-in-the-middle attacker to spoof an
SSL server if they had a certificate that was valid for any domain name.
Also applied to hexchat and xchat-gnome.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/hexchat/+bug/1565000/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
