-
Committer:
Bazaar Package Importer
-
Author(s):
Jamie Strandboge
-
Date:
2010-04-14 13:36:33 UTC
-
Revision ID:
james.westby@ubuntu.com-20100414133633-qn4xagdn8am0kqk2
Tags: 0.8.14-1ubuntu3
* SECURITY UPDATE: perform certificate host validation
- debian/patches/91_CVE-2010-1155.patch: adjust to verify hostname against
CN. Also use one SSL_CTX per connection and use default trusted CAs if
nothing specified. This can be dropped in 0.8.15.
- CVE-2010-1155
* SECURITY UPDATE: fix crash when checking for fuzzy nick match when not on
the channel
- debian/patches/91_CVE-2010-1156.patch: verify channel is non-NULL in
src/core/nicklist.c. This can be dropped in 0.8.15.
- CVE-2010-1156
* Do not use SSLv2 protocol. This can be dropped in 0.8.16.