Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perform a man-in-the-middle attack.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Mageia | 2 | noarch | telepathy-gabble | < 0.16.6-1 | telepathy-gabble-0.16.6-1.mga2 |
Mageia | 3 | noarch | telepathy-gabble | < 0.17.4-1 | telepathy-gabble-0.17.4-1.mga3 |