MGASA-2015-0050

Source
https://advisories.mageia.org/MGASA-2015-0050.html
Import Source
https://advisories.mageia.org/MGASA-2015-0050.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2015-0050
Published
2015-02-05T22:26:07Z
Modified
2026-04-16T04:28:43.491983Z
Summary
Updated hexchat packages fix security vulnerability
Details

HexChat did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.

References
Credits

Affected packages

Mageia:4 / hexchat

Package

Name
hexchat
Purl
pkg:rpm/mageia/hexchat?arch=source&distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.6.1-3.1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2015-0050.json"