Red Hat Bugzilla – Bug 969196
CVE-2013-1431 telepathy-gabble: MitM and TLS verification bypass in Wocky submodule
Last modified: 2013-06-08 22:25:37 EDT
It was reported , that a vulnerability exists in the Wocky submodule used by telepathy-gabble versions 0.9.x through to 0.16.5. A malicious remote user could use this vulnerability to bypass TLS verification and perform a man-in-the-middle attack on a user using telepathy-gabble. This flaw is fixed in the 0.16.6 release (and 0.17.4 development release) and the patch  is available for earlier versions.
Created telepathy-gabble tracking bugs for this issue
Affects: fedora-all [bug 969198]
telepathy-gabble-0.16.6-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.