rpm package
opensuse/telepathy-gabble&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/telepathy-gabble&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2013-1431 | — | < 0.18.3-1.10 | 0.18.3-1.10 | Sep 23, 2013 | The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attac | ||
| CVE-2011-1000 | — | < 0.18.3-1.10 | 0.18.3-1.10 | Feb 19, 2011 | jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media. |
- CVE-2013-1431Sep 23, 2013affected < 0.18.3-1.10fixed 0.18.3-1.10
The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attac
- CVE-2011-1000Feb 19, 2011affected < 0.18.3-1.10fixed 0.18.3-1.10
jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.