Jump to:

CVE-2013-0289

Jump to:

CVE-2013-0289

Package isync updated to version 1.1.2-alt1.git20140712 for branch sisyphus in task 129186.

Published: 2014-05-23
Modified: 2024-11-21

CVE-2013-0289

Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Severity: MEDIUM (4.3)

References:

FEDORA-2013-2795
FEDORA-2013-2795
FEDORA-2013-2758
FEDORA-2013-2758
55190
55190
GLSA-201310-02
GLSA-201310-02
http://sourceforge.net/p/isync/isync/ci/914ede18664980925628a9ed2a73ad05f85aeedb
http://sourceforge.net/p/isync/isync/ci/914ede18664980925628a9ed2a73ad05f85aeedb
http://sourceforge.net/projects/isync/files/isync/1.0.6/
http://sourceforge.net/projects/isync/files/isync/1.0.6/
[oss-security] 20130220 isync/mbsync security advisory: missing SSL subject verification (CVE-2013-0289)
[oss-security] 20130220 isync/mbsync security advisory: missing SSL subject verification (CVE-2013-0289)
57423
57423
isync-ssl-info-disc(82232)
isync-ssl-info-disc(82232)

Version: 2.1.0

Package isync update in sisyphus on 2014-09-08

ALT-PU-2014-2095-1

Closed vulnerabilities

CVE-2013-0289