irssi vulnerabilities

2010-04-1500:00:00

ubuntu.com

6.1 Medium

AI Score

Confidence

Low

0.254 Low

EPSS

Percentile

96.7%

JSON

Releases

Ubuntu 9.10
Ubuntu 9.04
Ubuntu 8.10
Ubuntu 8.04

Packages

irssi -

Details

It was discovered that irssi did not perform certificate host validation
when using SSL connections. An attacker could exploit this to perform a man
in the middle attack to view sensitive information or alter encrypted
communications. (CVE-2010-1155)

Aurelien Delaitre discovered that irssi could be made to dereference a NULL
pointer when a user left the channel. A remote attacker could cause a
denial of service via application crash. (CVE-2010-1156)

This update also adds SSLv3 and TLSv1 support, while disabling the old,
insecure SSLv2 protocol.

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchirssi< 0.8.14-1ubuntu1.1UNKNOWN
Ubuntu9.10noarchirssi-dev< 0.8.14-1ubuntu1.1UNKNOWN
Ubuntu9.04noarchirssi< 0.8.12-6ubuntu1.2UNKNOWN
Ubuntu9.04noarchirssi< dev-0.8.12-6ubuntu1.2UNKNOWN
Ubuntu8.10noarchirssi< 0.8.12-4ubuntu2.2UNKNOWN
Ubuntu8.10noarchirssi< dev-0.8.12-4ubuntu2.2UNKNOWN
Ubuntu8.04noarchirssi< 0.8.12-3ubuntu3.2UNKNOWN
Ubuntu8.04noarchirssi-dev< 0.8.12-3ubuntu3.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	9.10	noarch	irssi	< 0.8.14-1ubuntu1.1	UNKNOWN
Ubuntu	9.10	noarch	irssi-dev	< 0.8.14-1ubuntu1.1	UNKNOWN
Ubuntu	9.04	noarch	irssi	< 0.8.12-6ubuntu1.2	UNKNOWN
Ubuntu	9.04	noarch	irssi	< dev-0.8.12-6ubuntu1.2	UNKNOWN
Ubuntu	8.10	noarch	irssi	< 0.8.12-4ubuntu2.2	UNKNOWN
Ubuntu	8.10	noarch	irssi	< dev-0.8.12-4ubuntu2.2	UNKNOWN
Ubuntu	8.04	noarch	irssi	< 0.8.12-3ubuntu3.2	UNKNOWN
Ubuntu	8.04	noarch	irssi-dev	< 0.8.12-3ubuntu3.2	UNKNOWN