-
Committer:
Bazaar Package Importer
-
Author(s):
Jamie Strandboge
-
Date:
2010-04-14 14:32:04 UTC
-
mfrom:
(2.1.4 squeeze)
-
Revision ID:
james.westby@ubuntu.com-20100414143204-zowd1yqu3icia9en
Tags: 0.8.14-1ubuntu1.1
* SECURITY UPDATE: perform certificate host validation
- debian/patches/91_CVE-2010-1155.patch: adjust to verify hostname against
CN. Also use one SSL_CTX per connection and use default trusted CAs if
nothing specified.
- CVE-2010-1155
* SECURITY UPDATE: fix crash when checking for fuzzy nick match when not on
the channel
- debian/patches/91_CVE-2010-1156.patch: verify channel is non-NULL in
src/core/nicklist.c
- CVE-2010-1156
* debian/patches/92_disable_sslv2.patch: do not use SSLv2 protocol