[ubuntu/hardy-security] irssi (delayed), irssi 0.8.12-3ubuntu3.2 (Accepted)

Ubuntu Installer archive at ubuntu.com
Fri Apr 16 00:03:41 BST 2010 

irssi (0.8.12-3ubuntu3.2) hardy-security; urgency=low

  * SECURITY UPDATE: perform certificate host validation
    - debian/patches/92_CVE-2010-1155.patch: adjust to verify hostname against
      CN. Also use one SSL_CTX per connection and use default trusted CAs if
      nothing specified.
    - CVE-2010-1155
  * SECURITY UPDATE: fix crash when checking for fuzzy nick match when not on
    the channel
    - debian/patches/92_CVE-2010-1156.patch: verify channel is non-NULL in
      src/core/nicklist.c
    - CVE-2010-1156
  * debian/patches/92_disable_sslv2.patch: do not use SSLv2 protocol

Date: Wed, 14 Apr 2010 15:18:17 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/irssi/0.8.12-3ubuntu3.2
-------------- next part --------------
Format: 1.7
Date: Wed, 14 Apr 2010 15:18:17 -0500
Source: irssi
Binary: irssi irssi-dev
Architecture: source
Version: 0.8.12-3ubuntu3.2
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 irssi      - terminal based IRC client
 irssi-dev  - text-mode version of the irssi IRC client development files
Changes: 
 irssi (0.8.12-3ubuntu3.2) hardy-security; urgency=low
 .
   * SECURITY UPDATE: perform certificate host validation
     - debian/patches/92_CVE-2010-1155.patch: adjust to verify hostname against
       CN. Also use one SSL_CTX per connection and use default trusted CAs if
       nothing specified.
     - CVE-2010-1155
   * SECURITY UPDATE: fix crash when checking for fuzzy nick match when not on
     the channel
     - debian/patches/92_CVE-2010-1156.patch: verify channel is non-NULL in
       src/core/nicklist.c
     - CVE-2010-1156
   * debian/patches/92_disable_sslv2.patch: do not use SSLv2 protocol
Files: 
 9f0486989f51939747bb1ebb06954a27 997 net optional irssi_0.8.12-3ubuntu3.2.dsc
 9e57c160ead8a8f142d1f5a43832bffc 28157 net optional irssi_0.8.12-3ubuntu3.2.diff.gz
Original-Maintainer: David Pashley <david at davidpashley.com>

More information about the Hardy-changes mailing list