John Goerzen wrote:
> Package: gajim
> Version: 0.11.2-1
> Severity: normal
>
> gajim does not validate server SSL/TLS certificates. This can negate
> a large part of the benefit of using SSL/TLS and makes gajim
> vulnerable to man-in-the-middle attacks.
>
> psi performs these validations correctly.
>
> -- System Information:
> Debian Release: lenny/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (99, 'experimental')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.22-2-686 (SMP w/2 CPU cores)
> Locale: LANG=C, LC_CTYPE=en_US (charmap=ISO-8859-1)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages gajim depends on:
> ii  python                 2.4.4-6       An interactive high-level object-o
> ii  python-glade2          2.12.0-1      GTK+ bindings: Glade support
> ii  python-gtk2            2.12.0-1      Python bindings for the GTK+ widge
> ii  python-pysqlite2       2.3.5-1       python interface to SQLite 3
> ii  python-support         0.7.4         automated rebuilding support for p
>
> Versions of packages gajim recommends:
> ii  dbus                   1.1.1-3       simple interprocess messaging syst
> ii  dnsutils               1:9.4.1-P1-3  Clients provided with BIND
> ii  notification-daemon    0.3.7-1+b1    a daemon that displays passive pop
> ii  python-dbus            0.82.3-1      simple interprocess messaging syst
> ii  python-gnupginterface  0.3.2-9       Python interface to GnuPG (GPG)
>
> -- no debconf information
>
We (upstream) are working on that using python-pyopenssl that is able to check certificates.

--
Yann