CVE-2013-1431 Information

Description

The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4 when connecting to a \legacy Jabber server\ does not properly enforce the WockyConnector:tls-required flag which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attacks.

Reference

http://seclists.org/oss-sec/2013/q2/438 http://secunia.com/advisories/53779 http://www.debian.org/security/2013/dsa-2702 http://www.ubuntu.com/usn/USN-1873-1 https://bugs.freedesktop.org/show_bug.cgi?id=65036