Bug#706094: telepathy-idle: does not verify TLS certificates properly

2013-05-01 Thread Moritz Mühlenhoff
On Wed, Apr 24, 2013 at 05:39:59PM +0100, Simon McVittie wrote: > On 24/04/13 17:05, Simon McVittie wrote: > > On Wed, 24 Apr 2013 at 16:25:46 +0100, Simon McVittie wrote: > >> telepathy-idle < 0.1.15 does not verify that the server's TLS certificate > >> was > >> issued by a trusted CA, or that i

Bug#706094: telepathy-idle: does not verify TLS certificates properly

2013-04-29 Thread Salvatore Bonaccorso
Control: retitle 706094 telepathy-idle: CVE-2007-6746: does not verify TLS certificates Hi Simon (Even you already know ;-)), changing title again. There is now the correct CVE assignment for this issue: CVE-2007-6746. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@l

Bug#706094: telepathy-idle: does not verify TLS certificates properly

2013-04-29 Thread Salvatore Bonaccorso
Control: retitle 706094 telepathy-idle: CVE-2013-2025: does not verify TLS certificates Control: user debian-secur...@lists.debian.org Control: usertags 706094 + tracked Hi On Wed, Apr 24, 2013 at 04:25:46PM +0100, Simon McVittie wrote: > Package: telepathy-idle > Version: 0.1.6-1 > Severity: im

Bug#706094: telepathy-idle: does not verify TLS certificates properly

2013-04-24 Thread Yves-Alexis Perez
On mer., 2013-04-24 at 17:39 +0100, Simon McVittie wrote: > Security team: wheezy is vulnerable to this, and has a somewhat older > upstream version than unstable (so it can't migrate that way). How do > you want us to deal with this? I've re-attached the proposed patch for > wheezy for your refere

Bug#706094: telepathy-idle: does not verify TLS certificates properly

2013-04-24 Thread Simon McVittie
On 24/04/13 17:05, Simon McVittie wrote: > On Wed, 24 Apr 2013 at 16:25:46 +0100, Simon McVittie wrote: >> telepathy-idle < 0.1.15 does not verify that the server's TLS certificate was >> issued by a trusted CA, or that it hasn't expired, or that it matches the >> server's hostname. > > Here is a

Bug#706094: telepathy-idle: does not verify TLS certificates properly

2013-04-24 Thread Simon McVittie
On Wed, 24 Apr 2013 at 16:25:46 +0100, Simon McVittie wrote: > telepathy-idle < 0.1.15 does not verify that the server's TLS certificate was > issued by a trusted CA, or that it hasn't expired, or that it matches the > server's hostname. Here is a proposed patch for wheezy, either via t-p-u for wh

Bug#706094: telepathy-idle: does not verify TLS certificates properly

2013-04-24 Thread Simon McVittie
Package: telepathy-idle Version: 0.1.6-1 Severity: important Tags: upstream telepathy-idle < 0.1.15 does not verify that the server's TLS certificate was issued by a trusted CA, or that it hasn't expired, or that it matches the server's hostname. Additionally, telepathy-idle < 0.1.11 does not do