[Telepathy] Announce: telepathy-idle 0.1.15

Simon McVittie simon.mcvittie at collabora.co.uk
Wed Apr 24 09:07:49 PDT 2013

The “secure by default” release.

This fixes missing certificate validation in IRC-over-SSL (CVE ID not
yet issued). Upgrading is recommended.

Distributors who ship versions 0.1.11-0.1.14 can correct this flaw by
removing the call to g_socket_client_set_tls_validation_flags(), similar
to [1].

Versions 0.1.10 and older do not validate certificates at all; no patch
is available for these releases.

git: http://cgit.freedesktop.org/telepathy/telepathy-idle


• Validate TLS certificates properly, preventing man-in-the-middle
  attacks. (fd.o#63810, Simon)

  This will be a regression for users of IRC-over-SSL servers/proxies
  that do not have a certificate trusted by system-wide CA
  configuration; they will no longer be able to connect. If someone
  implements fd.o #57130, that will provide the ability for those users
  to approve additional certificates.

• Fix compilation and regression tests with GLib 2.36 (Simon)
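
For distributors checking a patched package, an added example (not part of the original announcement or of the telepathy-idle source): a shell audit that reports any remaining call to g_socket_client_set_tls_validation_flags() in an unpacked source tree, since GSocketClient validates with G_TLS_CERTIFICATE_VALIDATE_ALL unless that call overrides it. The sample file, its contents and the temporary paths are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: audit an unpacked source tree for a TLS validation override.
# Function name is from the announcement; sample file and paths are constructed.
OVERRIDE_CALL='g_socket_client_set_tls_validation_flags'

# Print "file:line:text" for every call to the override in C sources under $1.
find_tls_overrides() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) \
        -exec grep -nE "${OVERRIDE_CALL}[[:space:]]*\(" /dev/null {} +
}

# Return 0 if no override remains (GLib's default flags apply), 1 otherwise.
audit_tree() {
    hits=$(find_tls_overrides "$1" || true)
    if [ -n "$hits" ]; then
        printf 'TLS validation flags overridden at:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Create a constructed sample tree (not telepathy-idle code) and print its path.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/src"
    cat > "$dir/src/sample-connection.c" <<'EOF'
/* Constructed sample for the audit demo. */
static void
setup_client (GSocketClient *client)
{
  g_socket_client_set_tls (client, TRUE);
  g_socket_client_set_tls_validation_flags (client, 0);
}
EOF
    printf '%s\n' "$dir"
}

# Demo run: the sample tree still carries the override, so the audit fails.
tree=$(make_sample_tree)
if audit_tree "$tree"; then
    echo "clean: certificate validation left at the GLib default"
else
    echo "patch needed: remove the override before shipping"
fi
rm -rf "$tree"
```

The pattern matches calls written on one line with the function name; a hit is a prompt to review the flags passed, not proof of a flaw on its own.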

