DSA-2702-1 telepathy-gabble -- TLS verification bypassID: oval:org.secpod.oval:def:601048 | Date: (C)2013-06-03 (M)2022-10-10 |
Class: PATCH | Family: unix |
Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble, the Jabber/XMPP connection manager for the Telepathy framework, does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perform a man-in-the-middle attack.
Platform: |
Debian 7.0 |
Debian 6.0 |