[telepathy-gabble-0.16] telepathy-gabble: NEWS: update and describe configuration changes for fd.o #65036

[Simon McVittie]

Module: telepathy-gabble
Branch: telepathy-gabble-0.16
Commit: e8623e79ec356d4e72286140aa31656dc87b0567
URL:    http://cgit.freedesktop.org/telepathy/telepathy-gabble/commit/?id=e8623e79ec356d4e72286140aa31656dc87b0567

Author: Simon McVittie <simon.mcvittie at collabora.co.uk>
Date:   Wed May 29 17:22:51 2013 +0100

NEWS: update and describe configuration changes for fd.o #65036

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65036
Reviewed-by: Will Thompson <will.thompson at collabora.co.uk>
[added CVE ID now that we have one -smcv]

---

 NEWS |   21 +++++++++++++++++++++
 1 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/NEWS b/NEWS
index 5cd2165..9fee338 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,24 @@
+telepathy-gabble 0.16.6 (UNRELEASED)
+====================================
+
+This release fixes a man-in-the-middle attack. You should upgrade.
+
+If you use an unencrypted connection to a "legacy Jabber" (pre-XMPP)
+server, this version of Gabble will not connect until you make
+one of these configuration changes:
+
+• upgrade the server software to something that supports XMPP 1.0; or
+• use an encrypted "old SSL" connection, typically on port 5223 (old-ssl); or
+• turn off "Encryption required (TLS/SSL)" (require-encryption)
+
+Fixes:
+
+• fd.o #65036 (CVE-2013-1431): update Wocky to respect the tls-required
+  flag on legacy Jabber servers (Simon)
+
+• fd.o #63119: improve regression tests' isolation from the session bus
+  (Simon)
+
 telepathy-gabble 0.16.5 (2013-03-01)
 ====================================