[ubuntu/trusty-security] hexchat 2.9.6.1-2ubuntu0.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Apr 4 15:02:01 UTC 2016
hexchat (2.9.6.1-2ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: no ssl hostname verification (LP: #1565000)
- debian/patches/validate_ssl_hostnames.patch: properly validate
hostnames in src/common/server.c, src/common/ssl.c, src/common/ssl.h.
- CVE number pending
* SECURITY UPDATE: missing ssl certificate handled incorrectly
- debian/patches/handle_missing_ssl_cert.patch: fail connection if
certificate isn't found in src/common/server.c.
- No CVE number
Date: 2016-04-02 00:10:12.609765+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/hexchat/2.9.6.1-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list