[Bug 1183425] [NEW] security update makes -idle unusable on servers with self-signed certificates
Jordi Mallach
jordi at sindominio.net
Thu May 23 15:56:22 UTC 2013
Public bug reported:
The recent security update to precise's telepathy-idle package
(0.1.11-2ubuntu0.1) adds strict checking for SSL certificates, as seen
in upstream's 0.1.15 release. However, the patch doesn't add any UI to
accept non-trusted certificates, making the IRC transport unusable
against servers using self-signed certificates.
This is a _massive_ regression, with an easy fix available in the form
of 0.1.16, which does add the required UI.
Debian's 0.1.16-1 package makes sure the upstream code doesn't require
the latest and greatest glib, making a backport trivial.
Please fetch the upstream patch and Debian's addition to ease the
backport to fix this issue.
Thanks,
Jordi
** Affects: telepathy-idle (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of
Telepathy, which is subscribed to telepathy-idle in Ubuntu.
https://bugs.launchpad.net/bugs/1183425
Title:
security update makes -idle unusable on servers with self-signed
certificates
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/telepathy-idle/+bug/1183425/+subscriptions
More information about the Ubuntu-telepathy
mailing list