The ssldoconnect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "hexchat", "binary_version": "2.9.6.1-2ubuntu0.1" }, { "binary_name": "hexchat-common", "binary_version": "2.9.6.1-2ubuntu0.1" }, { "binary_name": "hexchat-dbgsym", "binary_version": "2.9.6.1-2ubuntu0.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "xchat-gnome", "binary_version": "1:0.30.0~git20131003.d20b8d+really20110821-0.2ubuntu12.2" }, { "binary_name": "xchat-gnome-common", "binary_version": "1:0.30.0~git20131003.d20b8d+really20110821-0.2ubuntu12.2" }, { "binary_name": "xchat-gnome-dbgsym", "binary_version": "1:0.30.0~git20131003.d20b8d+really20110821-0.2ubuntu12.2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "hexchat", "binary_version": "2.10.2-1ubuntu2" }, { "binary_name": "hexchat-common", "binary_version": "2.10.2-1ubuntu2" }, { "binary_name": "hexchat-dbgsym", "binary_version": "2.10.2-1ubuntu2" }, { "binary_name": "hexchat-perl", "binary_version": "2.10.2-1ubuntu2" }, { "binary_name": "hexchat-perl-dbgsym", "binary_version": "2.10.2-1ubuntu2" }, { "binary_name": "hexchat-plugins", "binary_version": "2.10.2-1ubuntu2" }, { "binary_name": "hexchat-plugins-dbgsym", "binary_version": "2.10.2-1ubuntu2" }, { "binary_name": "hexchat-python", "binary_version": "2.10.2-1ubuntu2" }, { "binary_name": "hexchat-python-dbgsym", "binary_version": "2.10.2-1ubuntu2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "xchat-gnome", "binary_version": "1:0.30.0~git20141005.816798-0ubuntu9" }, { "binary_name": "xchat-gnome-common", "binary_version": "1:0.30.0~git20141005.816798-0ubuntu9" }, { "binary_name": "xchat-gnome-dbgsym", "binary_version": "1:0.30.0~git20141005.816798-0ubuntu9" } ] }