[Telepathy] Security release: telepathy-gabble 0.16.6

Simon McVittie simon.mcvittie at collabora.co.uk
Thu May 30 07:54:00 PDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The “repeated gas boiler replacement” release.

tarball:
http://telepathy.freedesktop.org/releases/telepathy-gabble/telepathy-gabble-0.16.6.tar.gz
signature:
http://telepathy.freedesktop.org/releases/telepathy-gabble/telepathy-gabble-0.16.6.tar.gz.asc
git: http://cgit.freedesktop.org/telepathy/telepathy-gabble

This release fixes a man-in-the-middle attack. You should upgrade.

If you use an unencrypted connection to a "legacy Jabber" (pre-XMPP)
server, this version of Gabble will not connect until you make
one of these configuration changes:

• upgrade the server software to something that supports XMPP 1.0; or
• use an encrypted "old SSL" connection, typically on port 5223
  (old-ssl); or
• turn off "Encryption required (TLS/SSL)" (require-encryption)

Fixes:

• fd.o #65036 (CVE-2013-1431): update Wocky to respect the tls-required
  flag on legacy Jabber servers (Simon)

• fd.o #63119: improve regression tests' isolation from the session bus
  (Simon)
-----BEGIN PGP SIGNATURE-----

iQIVAwUBUadoB03o/ypjx8yQAQgVBA/+JeR8cGRmL0jgx5GxUOy34B6YrJ2eemwU
m8HwX2eX2F5Beng9bgSDubuxRqiBmsrl4igTJDuQQFZJBx3AjpMjRq9sJpxUZxH9
Dk55kiReL1vzVkW6El7T7ehON3E3h5x5q92Ew9Hf8rjqLlbQXX7qKkvqM0eyBGi3
iOIO21j6Rz5dzesdgmagqzhC51mei42a0E7jFO0uclsPMjCVhILEg0NzOnoV48hC
1OTDX4cZtAxuarhgtESHNv2tMjENJYsusN9d24mKUewk/ko0UvjRAeXwLSutCaEY
BMQvAIeqJ/o4ytCekaekATbsHdP0HLiGWOPJHsRXSymfoSC7V85e5b4Vyh1uaDHG
WOYdEoVKAMXDQ2YsA2p4IvUJ1s+myI8CsLsJeXPLz7sdMtTcoXrn6EqCi7NMj2z5
ycTlL9IKWsptzEHoJlvewqZiM/6X1FH9Sc/jVWzMeCRGx/vpbeHKCqNCYHNzNHuc
oNDc3C35CgWYqwTznPPh9mUd8DB2M1uOh+XW5aRs6Tr0qxNeoCkeUYamuv3k0xyh
LW+zrGNjfleKVh6SP/q/K0Xq6VZA46e56nZ/cP8cRy9llCqD5Yb69WNDXesG4L9W
xivReWRjBocLGW85nUNPqTr5M0k9x+ILkIMhVDFfNBa1oDj0dd1SDqS/R+M9Vhkm
FKrCYnOOyzw=
=lwMH
-----END PGP SIGNATURE-----


More information about the telepathy mailing list