Your submission was sent successfully! Close

CVE-2010-1155

Published: 14 April 2010

Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate.

Priority

Medium

Status

Package Release Status
irssi
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy
Released (0.8.12-3ubuntu3.2)
intrepid
Released (0.8.12-4ubuntu2.2)
jaunty
Released (0.8.12-6ubuntu1.2)
karmic
Released (0.8.14-1ubuntu1.1)
upstream Needs triage