It was discovered that irssi did not perform certificate host validation
when using SSL connections. An attacker could exploit this to perform a man
in the middle attack to view sensitive information or alter encrypted
communications. (CVE-2010-1155)
Aurelien Delaitre discovered that irssi could be made to dereference a NULL
pointer when a user left the channel. A remote attacker could cause a
denial of service via application crash. (CVE-2010-1156)
This update also adds SSLv3 and TLSv1 support, while disabling the old,
insecure SSLv2 protocol.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.10 | noarch | irssi | < 0.8.14-1ubuntu1.1 | UNKNOWN |
Ubuntu | 9.10 | noarch | irssi-dev | < 0.8.14-1ubuntu1.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | irssi | < 0.8.12-6ubuntu1.2 | UNKNOWN |
Ubuntu | 9.04 | noarch | irssi | < dev-0.8.12-6ubuntu1.2 | UNKNOWN |
Ubuntu | 8.10 | noarch | irssi | < 0.8.12-4ubuntu2.2 | UNKNOWN |
Ubuntu | 8.10 | noarch | irssi | < dev-0.8.12-4ubuntu2.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | irssi | < 0.8.12-3ubuntu3.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | irssi-dev | < 0.8.12-3ubuntu3.2 | UNKNOWN |