~ubuntu-branches/ubuntu/karmic/irssi/karmic-security

Viewing all changes in revision 20.

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2010-04-14 14:32:04 UTC
  • mfrom: (2.1.4 squeeze)
  • Revision ID: james.westby@ubuntu.com-20100414143204-zowd1yqu3icia9en
Tags: 0.8.14-1ubuntu1.1
* SECURITY UPDATE: perform certificate host validation
  - debian/patches/91_CVE-2010-1155.patch: adjust to verify hostname against
    CN. Also use one SSL_CTX per connection and use default trusted CAs if
    nothing specified.
  - CVE-2010-1155
* SECURITY UPDATE: fix crash when checking for fuzzy nick match when not on
  the channel
  - debian/patches/91_CVE-2010-1156.patch: verify channel is non-NULL in
    src/core/nicklist.c
  - CVE-2010-1156
* debian/patches/92_disable_sslv2.patch: do not use SSLv2 protocol

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: