Thanks to Georg of Yaxim for his great work on this, both technically and in coordinating with us.
https://op-co.de/CVE-2014-5075.html

"Smack is an Open Source XMPP (Jabber) client library for instant messaging and presence written in Java. Smack prior to version 4.0.2 is vulnerable to TLS Man-in-the-Middle attacks, as it fails to check if the server certificate matches the hostname of the connection."

https://op-co.de/blog/posts/java_sslsocket_mitm/

Our fix for ChatSecure:Android (https://github.com/guardianproject/ChatSecureAndroid/commit/3f150daded7461255b9d51bfc59ff91f8a77ed81) is included in the new ChatSecure 13.2.0 beta out today, which is near enough to stable, that we recommend an upgrade:

https://guardianproject.info/2014/08/05/chatsecure-13-2-important-beta-update/

+n
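The missing check described in the advisory, shown as an added example (not code from Smack, ChatSecure or the linked commit): a plain socket upgraded to TLS after STARTTLS, once without and once with hostname verification. The class and method names are hypothetical, and the sketch assumes Java 7 or later and the JVM's default trust store.

```java
import java.io.IOException;
import java.net.Socket;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical helper class, written for illustration only.
public class StartTlsUpgrade {

    // Pattern behind the bug class: the handshake validates the certificate
    // chain against the trust store, but never compares the certificate to
    // `host`, so any certificate from a trusted CA is accepted.
    static SSLSocket upgradeUnchecked(Socket plain, String host) throws IOException {
        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket tls = (SSLSocket) f.createSocket(plain, host, plain.getPort(), true);
        tls.startHandshake();
        return tls;
    }

    // Hardened form: ask JSSE to apply HTTPS-style (RFC 2818) identity
    // matching of the certificate against `host` during the handshake.
    static SSLSocket upgradeChecked(Socket plain, String host) throws IOException {
        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket tls = (SSLSocket) f.createSocket(plain, host, plain.getPort(), true);
        SSLParameters params = tls.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        tls.setSSLParameters(params);
        try {
            tls.startHandshake(); // throws SSLHandshakeException on a name mismatch
        } catch (IOException e) {
            tls.close();          // never hand a half-verified socket to the caller
            throw e;
        }
        return tls;
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 2) {
            System.err.println("usage: StartTlsUpgrade <host> <port>");
            return;
        }
        // Assumption: the protocol's STARTTLS negotiation would happen on
        // `plain` before the upgrade; it is omitted here.
        Socket plain = new Socket(args[0], Integer.parseInt(args[1]));
        try (SSLSocket tls = upgradeChecked(plain, args[0])) {
            System.out.println("verified peer: " + tls.getSession().getPeerPrincipal());
        }
    }
}
```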
