CVE-2007-6746

Publication date 31 December 2007

Last updated 24 July 2024

Ubuntu priority

telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
telepathy-idle	13.04 raring	Fixed 0.1.14-1ubuntu0.1
	12.10 quantal	Fixed 0.1.12-1ubuntu0.1
	12.04 LTS precise	Fixed 0.1.11-2ubuntu0.1
	11.10 oneiric	Ignored end of life
	10.04 LTS lucid	Ignored end of life
	8.04 LTS hardy	Ignored end of life

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1821-1
telepathy-idle vulnerability
9 May 2013

Other references

http://marc.info/?l=oss-security&m=136726803418172&w=2
https://www.cve.org/CVERecord?id=CVE-2007-6746