1
Candidate: CVE-2013-4488
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4488
5
http://www.openwall.com/lists/oss-security/2013/10/31
6
http://www.mail-archive.com/libgadu-devel@lists.ziew.org/msg01017.html
8
libgadu before 1.12.0 does not verify X.509 certificates from SSL servers,
9
which allows man-in-the-middle attackers to spoof servers.
12
mdeslaur> we build with the gnutls backend
13
mdeslaur> upstream certs don't actually match host names used, so
14
mdeslaur> correct cert validation is difficult.
16
https://bugzilla.novell.com/show_bug.cgi?id=848653
17
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4488
23
upstream_libgadu: needs-triage
24
lucid_libgadu: ignored (reached end-of-life)
25
precise_libgadu: ignored (reached end-of-life)
26
precise/esm_libgadu: DNE (precise was needed)
27
quantal_libgadu: ignored (reached end-of-life)
28
raring_libgadu: ignored (reached end-of-life)
29
saucy_libgadu: ignored (reached end-of-life)
30
trusty_libgadu: needed
31
utopic_libgadu: ignored (reached end-of-life)
32
vivid_libgadu: ignored (reached end-of-life)
33
vivid/stable-phone-overlay_libgadu: DNE
34
vivid/ubuntu-core_libgadu: DNE
35
wily_libgadu: ignored (reached end-of-life)
36
xenial_libgadu: needed
37
yakkety_libgadu: ignored (reached end-of-life)
38
zesty_libgadu: ignored (reached end-of-life)
39
artful_libgadu: needed
40
bionic_libgadu: needed