security regression: SSL CN check breaks IRC proxy
Bug #565182 reported by
Steve Langasek
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Irssi |
New
|
Undecided
|
Unassigned | ||
irssi (Ubuntu) |
Fix Released
|
High
|
Steve Langasek | ||
Hardy |
Fix Released
|
High
|
Jamie Strandboge | ||
Intrepid |
Fix Released
|
High
|
Jamie Strandboge | ||
Jaunty |
Fix Released
|
High
|
Jamie Strandboge | ||
Karmic |
Fix Released
|
High
|
Jamie Strandboge | ||
Lucid |
Fix Released
|
High
|
Steve Langasek |
Bug Description
Binary package hint: irssi
The latest security update for irssi breaks the use of SSL with proxies, because irssi tries to check the SSL cert's CN against the server name instead of against the proxy hostname.
Changed in irssi (Ubuntu Karmic): | |
status: | New → Triaged |
Changed in irssi (Ubuntu Lucid): | |
status: | New → In Progress |
Changed in irssi (Ubuntu Jaunty): | |
status: | New → Triaged |
Changed in irssi (Ubuntu Intrepid): | |
importance: | Undecided → High |
Changed in irssi (Ubuntu Lucid): | |
importance: | Undecided → High |
Changed in irssi (Ubuntu Karmic): | |
importance: | Undecided → High |
Changed in irssi (Ubuntu Jaunty): | |
importance: | Undecided → High |
Changed in irssi (Ubuntu Hardy): | |
importance: | Undecided → High |
tags: | added: regression-update |
Changed in irssi (Ubuntu Hardy): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in irssi (Ubuntu Intrepid): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in irssi (Ubuntu Jaunty): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in irssi (Ubuntu Karmic): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in irssi (Ubuntu Hardy): | |
status: | Triaged → In Progress |
Changed in irssi (Ubuntu Intrepid): | |
status: | Triaged → In Progress |
Changed in irssi (Ubuntu Jaunty): | |
status: | Triaged → In Progress |
Changed in irssi (Ubuntu Karmic): | |
status: | Triaged → In Progress |
To post a comment you must log in.
Here's a debdiff to fix this. Have uploaded to lucid, waiting in the unapproved queue there.