[ubuntu/lucid] irssi 0.8.14-1ubuntu3 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Wed Apr 14 20:30:24 BST 2010 

irssi (0.8.14-1ubuntu3) lucid; urgency=low

  * SECURITY UPDATE: perform certificate host validation
    - debian/patches/91_CVE-2010-1155.patch: adjust to verify hostname against
      CN. Also use one SSL_CTX per connection and use default trusted CAs if
      nothing specified. This can be dropped in 0.8.15.
    - CVE-2010-1155
  * SECURITY UPDATE: fix crash when checking for fuzzy nick match when not on
    the channel
    - debian/patches/91_CVE-2010-1156.patch: verify channel is non-NULL in
      src/core/nicklist.c. This can be dropped in 0.8.15.
    - CVE-2010-1156
  * Do not use SSLv2 protocol. This can be dropped in 0.8.16.

Date: Wed, 14 Apr 2010 13:36:33 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/irssi/0.8.14-1ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 14 Apr 2010 13:36:33 -0500
Source: irssi
Binary: irssi irssi-dev
Architecture: source
Version: 0.8.14-1ubuntu3
Distribution: lucid
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 irssi      - terminal based IRC client
 irssi-dev  - terminal based IRC client - development files
Changes: 
 irssi (0.8.14-1ubuntu3) lucid; urgency=low
 .
   * SECURITY UPDATE: perform certificate host validation
     - debian/patches/91_CVE-2010-1155.patch: adjust to verify hostname against
       CN. Also use one SSL_CTX per connection and use default trusted CAs if
       nothing specified. This can be dropped in 0.8.15.
     - CVE-2010-1155
   * SECURITY UPDATE: fix crash when checking for fuzzy nick match when not on
     the channel
     - debian/patches/91_CVE-2010-1156.patch: verify channel is non-NULL in
       src/core/nicklist.c. This can be dropped in 0.8.15.
     - CVE-2010-1156
   * Do not use SSLv2 protocol. This can be dropped in 0.8.16.
Checksums-Sha1: 
 60975dac97b4b356eea77c00aa3946b83160f23c 1383 irssi_0.8.14-1ubuntu3.dsc
 128f21310da0eb8797c68bd0180efd63cd0cf910 21640 irssi_0.8.14-1ubuntu3.diff.gz
Checksums-Sha256: 
 c56c97eeb1a87e4f3eda493fe1782b1137e7f78f20c7b47c9525a0336f7ac978 1383 irssi_0.8.14-1ubuntu3.dsc
 048dc3d99362b43535c152fc5daf8fc2264d06a45a0a4c9b83309fbf62b69c7a 21640 irssi_0.8.14-1ubuntu3.diff.gz
Files: 
 fe5ba8febe5734047e582be232006bfa 1383 net optional irssi_0.8.14-1ubuntu3.dsc
 96961357170e390554116897496c2f5b 21640 net optional irssi_0.8.14-1ubuntu3.diff.gz
Original-Maintainer: David Pashley <david at davidpashley.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkvGFekACgkQW0JvuRdL8BoSmQCfXFVQptRLkwtiUtBtT0W/4tbI
lPgAn3Fq6bSEHXLsU/qNVIrpoW0JODnD
=RZbo
-----END PGP SIGNATURE-----

More information about the Lucid-changes mailing list