Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1428 to the following vulnerability:

Name: CVE-2011-1428
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1428
Assigned: 20110316
Reference: http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html
Reference: http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91
Reference: http://savannah.nongnu.org/patch/index.php?7459
Reference: http://www.securityfocus.com/bid/46612
Reference: http://secunia.com/advisories/43543

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.
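The class of check the CVE description says was missing, as an added example (not WeeChat's or GnuTLS's code): a TLS client has to accept a peer only when the chain is trusted and one of the certificate's DNS names matches the host the user asked for. The function names, the pre-extracted `names[]` input and the sample hostnames are assumptions for illustration; IP addresses, IDN and trailing dots are not handled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality for ASCII DNS names. */
static int eq_nocase(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Match one certificate DNS name against the host the user asked for.
 * "*" is honoured only as the whole left-most label, covers exactly one
 * label, and needs two or more labels after it ("*.org" is refused). */
static int name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *rest = strchr(host, '.');   /* host minus its first label */
        if (rest == NULL || rest == host)
            return 0;
        if (strchr(pattern + 2, '*') != NULL || strchr(pattern + 2, '.') == NULL)
            return 0;
        return eq_nocase(pattern + 1, rest);
    }
    return strchr(pattern, '*') == NULL && eq_nocase(pattern, host);
}

/* Post-handshake decision. chain_trusted: result of CA chain validation.
 * names[]: DNS names read from the peer certificate (assumed input). */
static int peer_acceptable(int chain_trusted, const char *const names[],
                           size_t n_names, const char *requested_host)
{
    if (!chain_trusted)
        return 0;
    for (size_t i = 0; i < n_names; i++)
        if (name_matches(names[i], requested_host))
            return 1;
    return 0;   /* valid chain, but the certificate names a different host */
}

int main(void)
{
    /* Constructed sample: a CA-signed certificate issued for another site. */
    const char *const names[] = { "www.unrelated.example" };
    printf("accept=%d\n", peer_acceptable(1, names, 1, "chat.example.org"));
    return 0;
}
```

In a GnuTLS client the name comparison on a parsed certificate is available as `gnutls_x509_crt_check_hostname()`, which should be used in place of a hand-written matcher like the one above.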
Created weechat tracking bugs for this issue

Affects: fedora-all [bug 688752]
Affects: epel-all [bug 688753]
Both Fedora and EPEL now have 0.3.9.2 or higher which contain the fix.