FS#44021 - [xchat] doesn't support TLS v1.0+
Attached to Project:
Arch Linux
Opened by Steven Noonan (neunon) - Monday, 02 March 2015, 18:52 GMT
Last edited by Eric Belanger (Snowman) - Thursday, 04 June 2015, 02:32 GMT
Opened by Steven Noonan (neunon) - Monday, 02 March 2015, 18:52 GMT
Last edited by Eric Belanger (Snowman) - Thursday, 04 June 2015, 02:32 GMT
|
Details
Xchat doesn't support TLS 1.0+, this is a potential security
issue given the vulnerabilities to SSLv2/SSLv3. Patch to
enable TLS 1.0+ is available in the Ubuntu bug tracker:
https://bugs.launchpad.net/ubuntu/+source/xchat/+bug/1381777 https://launchpadlibrarian.net/187439205/sslv23_method.patch |
This task depends upon
Closed by Eric Belanger (Snowman)
Thursday, 04 June 2015, 02:32 GMT
Reason for closing: Fixed
Additional comments about closing: in xchat-2.8.8-15. Will be in repo with perl 5.22 rebuild (in a few days to a week or two)
Thursday, 04 June 2015, 02:32 GMT
Reason for closing: Fixed
Additional comments about closing: in xchat-2.8.8-15. Will be in repo with perl 5.22 rebuild (in a few days to a week or two)
Comment by Doug Newgard (Scimmia) -
Monday, 02 March 2015, 20:45 GMT
Dead upstream and security problems. Is it worth keeping in the
repo?
Comment by Steven Noonan (neunon) -
Monday, 02 March 2015, 21:01 GMT
Xchat is one of the only decent IRC clients. Personally I'd prefer
to see it stay. It's not terribly broken, just unmaintained.
Comment by Doug Newgard (Scimmia) -
Monday, 02 March 2015, 21:08 GMT
I would argue that hexchat is the better alternative for xchat
users.
Comment by Steven Noonan (neunon) -
Monday, 02 March 2015, 21:32 GMT
Nice. Didn't know about that one.
Comment by Steven Noonan (neunon) -
Monday, 02 March 2015, 21:48 GMT
Having investigated HexChat I kind of agree Xchat is candidate for
removal...