-
Committer:
Bazaar Package Importer
-
Author(s):
Jamie Strandboge
-
Date:
2010-04-14 15:18:17 UTC
-
Revision ID:
james.westby@ubuntu.com-20100414151817-571tinu91e0jvcv8
Tags: 0.8.12-3ubuntu3.2
* SECURITY UPDATE: perform certificate host validation
- debian/patches/92_CVE-2010-1155.patch: adjust to verify hostname against
CN. Also use one SSL_CTX per connection and use default trusted CAs if
nothing specified.
- CVE-2010-1155
* SECURITY UPDATE: fix crash when checking for fuzzy nick match when not on
the channel
- debian/patches/92_CVE-2010-1156.patch: verify channel is non-NULL in
src/core/nicklist.c
- CVE-2010-1156
* debian/patches/92_disable_sslv2.patch: do not use SSLv2 protocol