CVE-2013-1431
Published: 30 May 2013
The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attacks.
Priority
Status
Package | Release | Status |
---|---|---|
telepathy-gabble Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(0.16.0-0ubuntu3.1)
|
|
quantal |
Released
(0.16.1-2ubuntu0.1)
|
|
raring |
Released
(0.16.5-0ubuntu1.1)
|
|
upstream |
Released
(0.16.6-1)
|
|
Patches: upstream: http://cgit.freedesktop.org/wocky/commit/?id=ff317a2783058e8e90fac21bd8ba18359c5401f9 upstream: http://cgit.freedesktop.org/telepathy/telepathy-gabble/commit/?id=c1d101558de76e3ebacd05fb032764a126d28468 upstream: http://cgit.freedesktop.org/telepathy/telepathy-gabble/commit/?id=1e99c77f8d8a686c4c1714a959c062bda6dc0c44 |