Ubuntu Security Notice 1873-1 - Maksim Otstavnov discovered that telepathy-gabble incorrectly handled TLS when connecting to legacy Jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. It was discovered that telepathy-gabble incorrectly handled certain messages. A remote attacker could use this flaw to cause applications using telepathy-gabble to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. Various other issues were also addressed.
475c147ea25f27fd09e417df761aac28b56130610bbc492d82ae1d721f2758b0
Debian Linux Security Advisory 2702-1 - Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble, the Jabber/XMPP connection manager for the Telepathy framework, does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perform a man-in-the-middle attack.
6949abe285282ac5e2ae2ea127cf92f08bcd070215f0049630e67a6a6c5da94b