default configuration for irc clients should use ssl servers

Bug #1456778 reported by David Monniaux
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
irssi (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Ubuntu 14.04.2 LTS irssi 0.8.15-5ubuntu3

irssi installs a default list of IRC networks and servers, all using unencrypted communications. This allows eavesdropping, e.g. if people access the Internet from an insecure wifi connection. This allows eavesdroppers to record conversations and nickserv passwords and possibly to impersonate the legitimate users.

Many of these networks (e.g. OFTC, Freenode) now provide SSL servers. They should be configured in the default irssi configuration file that is installed if the user has none.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in irssi (Ubuntu):
status: New → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package irssi - 1.1.1-1ubuntu1

---------------
irssi (1.1.1-1ubuntu1) devel; urgency=medium

  * Merge from Debian. Remaining changes:
    - Refresh and re-enabled 20fix_ssl_proxy_hostname_check.
      - When we have a proxy setting, we expect the CN to match
        the proxy hostname, not the server hostname.
    - d/p/03firsttimer_text:
      + Adapt 03firsttimer_text so it tells you about
        connecting to freenode and joining #ubuntu.
  * Changes no longer needed:
    - d/p/90irc-ubuntu-com:
      + irc.ubuntu.com was a CNAME to irc.freenode.net, but this prevents us
        from recommending and verifying TLS connections. (LP: #1456778)

irssi (1.1.1-1) unstable; urgency=medium

  [ Rhonda D'Vine ]
  * New upstream release.
  * Uploaded from mIRC.
  * Adjust 03firsttimer_text patch for new location of the text.
  * Update copyright format URL to use https.
  * Install example scripts.
  * Bump Standards-Version to 4.1.4.
  * Move repository to salsa, update Vcs-* URLs.

  [ Unit 193 ]
  * Use https for upstream homepage.
  * /connect OFTC instead of irc.debian.org to get an ssl connection.

 -- Unit 193 <email address hidden> Fri, 27 Jul 2018 07:01:51 -0400

Changed in irssi (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.