It was reported [1],[2] that a vulnerability exists in the Wocky submodule used by telepathy-gabble versions 0.9.x through to 0.16.5. A malicious remote user could use this vulnerability to bypass TLS verification and perform a man-in-the-middle attack on a user using telepathy-gabble. This flaw is fixed in the 0.16.6 release (and 0.17.4 development release) and the patch [3] is available for earlier versions.

[1] https://bugs.freedesktop.org/show_bug.cgi?id=65036
[2] http://www.openwall.com/lists/oss-security/2013/05/30/2
[3] cgit.freedesktop.org/wocky/commit/?id=ff317a2783058e8e90fac21bd8ba18359c5401f9
Created telepathy-gabble tracking bugs for this issue

Affects: fedora-all [bug 969198]
telepathy-gabble-0.16.6-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.