FEDORA-EPEL-2014-1414 — security update for gajim — Fedora Updates System

stable

gajim-0.14.4-4.el6

FEDORA-EPEL-2014-1414 created by mcepl 11 years ago for Fedora EPEL 6

patch for CVE-2012-5524

Gajim performed verification of invalid (broken / expired) x.509v3 SSL certificates (True as return value was returned always regardless if error during certificate validation occurred or not). A rogue XMPP server could use this flaw to conduct man-in-the-middle attack (MiTM) and trick Gajim client to accept the certificate even when it was invalid / should not be accepted.

This release fixes this issue.

This update has been submitted for testing by mcepl.

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

This update has been pushed to testing

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by mcepl.

This update is currently being pushed to the Fedora EPEL 6 stable updates repository.

This update has been pushed to stable

Please log in to add feedback.

Metadata

Type

security

Karma

0

Signed

Content Type

RPM

Test Gating

None

Autopush Settings

Unstable by Karma

-3

Stable by Karma

disabled

Stable by Time

disabled

Dates

submitted

11 years ago

in testing

11 years ago

in stable

11 years ago

Builds

1

gajim-0.14.4-4.el6

BZ#875809 CVE-2012-5524 gajim: Improper handling of invalid certificates

0

0

BZ#875821 CVE-2012-5524 gajim: Improper handling of invalid certificates [epel-all]

0

0

gajim-0.14.4-4.el6

Automated Test Results

None

Copyright © 2007-2026 Red Hat, Inc. and others.

Running bodhi-server 25.11.3 on bodhi-web-21-hmlh5.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

• Composes • Legal • Privacy policy •