Viewing all changes in revision 21.
- Committer: Bazaar Package Importer
- Date: 2010-04-14 13:36:33 UTC
- Revision ID: james.westby@ubuntu.com-20100414133633-qn4xagdn8am0kqk2
* SECURITY UPDATE: perform certificate host validation
- debian/patches/91_CVE-2010-1155.patch: adjust to verify hostname against
CN. Also use one SSL_CTX per connection and use default trusted CAs if
nothing specified. This can be dropped in 0.8.15.
- CVE-2010-1155
* SECURITY UPDATE: fix crash when checking for fuzzy nick match when not on
the channel
- debian/patches/91_CVE-2010-1156.patch: verify channel is non-NULL in
src/core/nicklist.c. This can be dropped in 0.8.15.
- CVE-2010-1156
* Do not use SSLv2 protocol. This can be dropped in 0.8.16.
- debian/patches/91_CVE-2010-1155.patch: adjust to verify hostname against
CN. Also use one SSL_CTX per connection and use default trusted CAs if
nothing specified. This can be dropped in 0.8.15.
- CVE-2010-1155
* SECURITY UPDATE: fix crash when checking for fuzzy nick match when not on
the channel
- debian/patches/91_CVE-2010-1156.patch: verify channel is non-NULL in
src/core/nicklist.c. This can be dropped in 0.8.15.
- CVE-2010-1156
* Do not use SSLv2 protocol. This can be dropped in 0.8.16.
expand all
collapse all
added
removed
