The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.
Gentoo Linux Security Advisory 201401-2 - An error in Gajim causes invalid OpenSSL certificates to be accepted as valid. Versions less than 0.15.3-r1 are affected.
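The advisory describes the classic failure mode of an OpenSSL verify callback: the callback returns a truthy value regardless of the pre-verification result, so OpenSSL treats every certificate (and every name) as acceptable, and a certificate legitimately issued by a trusted CA for some other host is enough to impersonate the server. The following is an added illustration, not Gajim's `_ssl_verify_callback` or any code from `tls_nb.py`: a pyOpenSSL-style callback in the weak form beside a corrected form that honours `preverify_ok` and, at depth 0, checks the leaf certificate's names against the host the client meant to reach. The helpers `hostname_matches`, `simulate_handshake` and `run_demo` are hypothetical, the chain walk is a stand-in for OpenSSL's own, and the certificate chains are constructed dicts rather than real X.509 objects.

```python
# Added example, not Gajim's code: a pyOpenSSL-style verify callback in the
# weak form the advisory describes (accept whatever OpenSSL hands you) beside
# a corrected form, exercised against constructed certificate chains.
# Hypothetical helpers: hostname_matches, simulate_handshake, run_demo.

# OpenSSL verify result codes (numeric values from openssl/x509_vfy.h)
X509_V_OK = 0
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 18
X509_V_ERR_CERT_UNTRUSTED = 27


def weak_verify_callback(conn, cert, errnum, depth, preverify_ok):
    """Flawed pattern: a truthy return tells OpenSSL to ignore any error
    for this certificate, so every chain (and every name) is accepted."""
    return True


def hostname_matches(expected_host, presented_names):
    """Simplified RFC 6125 name matching (assumption: only a leading '*'
    wildcard that matches exactly one label, no IDN handling)."""
    host_labels = expected_host.lower().rstrip(".").split(".")
    for name in presented_names:
        labels = name.lower().rstrip(".").split(".")
        if len(labels) != len(host_labels):
            continue
        if labels[0] == "*" and len(labels) >= 3:
            if labels[1:] == host_labels[1:]:
                return True
        elif labels == host_labels:
            return True
    return False


def make_strict_verify_callback(expected_host):
    """Corrected pattern: never override OpenSSL's own verdict, and at
    depth 0 additionally require the leaf to be issued for the host we
    meant to talk to (a valid cert for some other name is still a spoof)."""
    def callback(conn, cert, errnum, depth, preverify_ok):
        if not preverify_ok or errnum != X509_V_OK:
            return False
        if depth == 0 and not hostname_matches(expected_host, cert["names"]):
            return False
        return True
    return callback


def simulate_handshake(chain, callback):
    """Stand-in for OpenSSL's chain walk: chain is leaf-first; the callback
    is invoked from the root (highest depth) down to the leaf (depth 0)
    with the pre-verification result for that certificate. A falsy return
    at any depth aborts the handshake."""
    for depth in range(len(chain) - 1, -1, -1):
        cert = chain[depth]
        errnum = cert.get("error", X509_V_OK)
        preverify_ok = 1 if errnum == X509_V_OK else 0
        if not callback(None, cert, errnum, depth, preverify_ok):
            return False
    return True


# Constructed chains (dicts standing in for X509 objects); "names" holds the
# subject alternative names a real check would read from the leaf.
TRUSTED_ROOT = {"names": ["Example Root CA"]}
TRUSTED_INTERMEDIATE = {"names": ["Example Issuing CA"]}
CHAINS = {
    "genuine": [{"names": ["xmpp.example.org"]},
                TRUSTED_INTERMEDIATE, TRUSTED_ROOT],
    # Valid certificate from a trusted CA, but issued for a different host:
    # this is the spoofing case the CVE text describes.
    "mitm_other_host": [{"names": ["mitm.example.net"]},
                        TRUSTED_INTERMEDIATE, TRUSTED_ROOT],
    "self_signed": [{"names": ["xmpp.example.org"],
                     "error": X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT}],
    "untrusted_issuer": [{"names": ["xmpp.example.org"]},
                         {"names": ["Unknown CA"],
                          "error": X509_V_ERR_CERT_UNTRUSTED}],
}


def run_demo(expected_host="xmpp.example.org"):
    """Return {chain name: (weak verdict, strict verdict)} for every chain."""
    strict = make_strict_verify_callback(expected_host)
    return {name: (simulate_handshake(chain, weak_verify_callback),
                   simulate_handshake(chain, strict))
            for name, chain in CHAINS.items()}


if __name__ == "__main__":
    for name, (weak, strict) in run_demo().items():
        print(f"{name:18s} weak={weak!s:5s} strict={strict}")
```

Running the block shows the weak callback accepting all four chains, including the one signed by a trusted CA for a different host, while the strict callback accepts only the genuine chain. The design point is that the verify callback is not the place to make the decision: its correct job is to refuse to override OpenSSL's verdict and to add the hostname check that OpenSSL of that era did not perform itself.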