CVE-2011-1428

Name: CVE-2011-1428
Description: Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-2598-1
NVD severity: medium (attack range: remote, user-initiated)
Debian/oldoldstable: not vulnerable.
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

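| Source Package | Release | Version | Status |
|---|---|---|---|
| weechat (PTS) | squeeze, squeeze (security) | 0.3.2-1+squeeze1 | fixed |
| weechat | wheezy | 0.3.8-1+deb7u1 | fixed |
| weechat | jessie | 1.0.1-1 | fixed |
| weechat | sid, stretch | 1.1.1-1 | fixed |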

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| weechat | source | (unstable) | 0.3.5-1 | medium | | |
| weechat | source | squeeze | 0.3.2-1+squeeze1 | medium | DSA-2598-1 | |
