SSLv3 was disabled in 2.10.1-2 which was uploaded about a week ago. It's up to motu to sync it to the proper places.

On Nov 26, 2014 10:20 PM, "HRJ" <1396...@bugs.launchpad.net> wrote:
> *** This bug is a security vulnerability ***
>
> Public security bug reported:
>
> According to the release notes here:
> https://hexchat.github.io/news/2.10.2.html
>
> "Historically XChat has not used ssl very securely; The last release of
> it used terrible defaults such as forcing SSLv3 (which is known
> insecure) and does not take any effort to verify the cert is for the
> correct address you connected to. With this HexChat release this has
> finally changed; Now only TLSv1.0+ are accepted and all hostnames are
> verified as well as a few other more secure options."
>
> Given that the defaults are "known insecure" and that 14.04 is LTS, an
> update, if possible, would be great.
>
> ** Affects: hexchat (Ubuntu)
>      Importance: Undecided
>          Status: New
>
> ** Information type changed from Private Security to Public Security
>
> https://bugs.launchpad.net/bugs/1396871
>
> Title:
>   Update hexchat to 2.10.2 on 14.04
>
> Status in “hexchat” package in Ubuntu:
>   New