SUSE CVE-2013-1431

The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attacks...

openSUSE Security Update : telepathy-gabble (openSUSE-SU-2013:1013-1)

This update of telepathy-gabble fixes a TLS bypass problem. Changes in telepathy-gabble : - Add telepathy-gabble-cve-2013-1431.patch bnc822586. This makes it respect the TLS-required flag on legacy Jabber servers. Identified as CVE-2013-1431. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. T...

Ubuntu Update for telepathy-gabble USN-1873-1

Check for the Version of telepathy-gabble OpenVAS Vulnerability Test $Id: gbubuntuUSN18731.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for telepathy-gabble USN-1873-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This progra...

Ubuntu 12.04 LTS / 12.10 / 13.04 : telepathy-gabble vulnerabilities (USN-1873-1)

Maksim Otstavnov discovered that telepathy-gabble incorrectly handled TLS when connecting to legacy jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. CVE-2013-1431 It was discovered that telepathy-gabb...

Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64

CVE-2009-3026 pidgin: ignores SSL/TLS requirements with old jabber servers CVE-2009-2703 Pidgin: NULL pointer dereference by handling IRC topics DoS CVE-2009-3083 Pidgin: NULL pointer dereference by processing incomplete MSN SLP invite DoS CVE-2009-3085 Pidgin: NULL pointer dereference by...

pidgin: ignores SSL/TLS requirements with old jabber servers

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption an...

DEBIAN-CVE-2009-3026

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption an...

CVE-2009-3026

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption an...

CVE-2009-3026

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption an...

Exodus v0.10 uri handler arbitrary parameter injection

-------------------------------------------------------------------------------- Exodus v0.10 uri handler arbitrary parameter injection by Nine:Situations:Group::strawdog tested against IE8b/xpsp3 may not work against non-English systems because of an installation bug...