FS#44021 - [xchat] doesn't support TLS v1.0+
Attached to Project:
Arch Linux
Opened by Steven Noonan (neunon) - Monday, 02 March 2015, 18:52 GMT
Last edited by Eric Belanger (Snowman) - Thursday, 04 June 2015, 02:32 GMT
Opened by Steven Noonan (neunon) - Monday, 02 March 2015, 18:52 GMT
Last edited by Eric Belanger (Snowman) - Thursday, 04 June 2015, 02:32 GMT
|
Details
Xchat doesn't support TLS 1.0+, this is a potential security
issue given the vulnerabilities to SSLv2/SSLv3. Patch to
enable TLS 1.0+ is available in the Ubuntu bug tracker:
https://bugs.launchpad.net/ubuntu/+source/xchat/+bug/1381777 https://launchpadlibrarian.net/187439205/sslv23_method.patch |
This task depends upon
Closed by Eric Belanger (Snowman)
Thursday, 04 June 2015, 02:32 GMT
Reason for closing: Fixed
Additional comments about closing: in xchat-2.8.8-15. Will be in repo with perl 5.22 rebuild (in a few days to a week or two)
Thursday, 04 June 2015, 02:32 GMT
Reason for closing: Fixed
Additional comments about closing: in xchat-2.8.8-15. Will be in repo with perl 5.22 rebuild (in a few days to a week or two)
Comment by Doug Newgard (Scimmia) -
Monday, 02 March 2015, 20:45 GMT
Comment by Steven Noonan (neunon) -
Monday, 02 March 2015, 21:01 GMT
Comment by Doug Newgard (Scimmia) -
Monday, 02 March 2015, 21:08 GMT
Comment by Steven Noonan (neunon) -
Monday, 02 March 2015, 21:32 GMT
Comment by Steven Noonan (neunon) -
Monday, 02 March 2015, 21:48 GMT
Dead upstream and security problems. Is it worth keeping in the
repo?
Xchat is one of the only decent IRC clients. Personally I'd prefer
to see it stay. It's not terribly broken, just unmaintained.
I would argue that hexchat is the better alternative for xchat
users.
Nice. Didn't know about that one.
Having investigated HexChat I kind of agree Xchat is candidate for
removal...