www: c849aa09: Document the vulnerable versions.
darkrain42 at pidgin.im
darkrain42 at pidgin.im
Tue Sep 8 18:21:44 EDT 2009
-----------------------------------------------------------------
Revision: c849aa097db3b3a51447a06a2513eda86954003c
Ancestor: a0b587b557cc9af1d268529d09aced5ccdcefcb6
Author: darkrain42 at pidgin.im
Date: 2009-09-08T22:16:27
Branch: im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/c849aa097db3b3a51447a06a2513eda86954003c
Modified files:
htdocs/news/security/index.php
ChangeLog:
Document the vulnerable versions.
-------------- next part --------------
============================================================
--- htdocs/news/security/index.php 15cf48eb2584d87265e603700beb89a1d5c2ef60
+++ htdocs/news/security/index.php 7c1e88d5f1c08324c758257fb0452dc2eabedde3
@@ -383,7 +383,7 @@ $vulnerabilities = array(
"date" => "3 September 2009",
"cve" => "CVE-2009-3026",
"summary" => "XMPP does not always respect the \"require TLS/SSL\" preference",
- "description" => "The XMPP protocol plugin can be tricked into establishing an insecure connection by a malicious man in the middle by causing libpurple to use the older iq-based login and then not offering TLS/SSL. libpurple versions less than 2.6.0.",
+ "description" => "The XMPP protocol plugin can be tricked into establishing an insecure connection by a malicious man in the middle by causing libpurple to use the older IQ-based login and then not offering TLS/SSL. The \"require TLS/SSL\" option was introduced in 2.2.0.",
"fix" => "Respect the \"require TLS/SSL\" preference for this type of connection.",
"fixrevisions" => "55897c4ce0787edc1e7721b7f4a9b5cbc8357279",
"fixedversion" => "2.6.0",
More information about the Commits
mailing list