On 05.07.2016 at 17:53, Salvatore Bonaccorso wrote:
> Source: xchat-gnome
> CVE-2013-7449[0]:
> | The ssl_do_connect function in common/server.c in HexChat before
> | 2.10.2, XChat, and XChat-GNOME does not verify that the server
> | hostname matches a domain name in the X.509 certificate, which allows
> | man-in-the-middle attackers to spoof SSL servers via an arbitrary
> | valid certificate.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>

We have a supported successor/alternative with hexchat, so I'm inclined to request the removal of the package.

Joss et al, do you see any reason why we should keep the package?

Regards,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?