** Summary changed: - xchat and derivatives don't validate ssl hostnames + [CVE-2013-7449] xchat and derivatives don't validate ssl hostnames
-- You received this bug notification because you are a member of Desktop Packages, which is subscribed to xchat-gnome in Ubuntu. https://bugs.launchpad.net/bugs/1565000 Title: [CVE-2013-7449] xchat and derivatives don't validate ssl hostnames Status in hexchat package in Ubuntu: Fix Released Status in xchat-gnome package in Ubuntu: Fix Released Status in xchat source package in Precise: Confirmed Status in xchat-gnome source package in Precise: Fix Released Status in hexchat source package in Trusty: Fix Released Status in xchat source package in Trusty: Confirmed Status in xchat-gnome source package in Trusty: Fix Released Status in hexchat source package in Wily: Fix Released Status in xchat source package in Wily: Confirmed Status in xchat-gnome source package in Wily: Fix Released Status in hexchat source package in Xenial: Fix Released Status in xchat-gnome source package in Xenial: Fix Released Bug description: http://www.openwall.com/lists/oss-security/2015/01/29/23 XChat did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Also applied to hexchat and xchat-gnome. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/hexchat/+bug/1565000/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
