—
PYSEC-2019-129
Details
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://twistedmatrix.com/trac/ticket/9561 [WEB]
- https://github.com/twisted/twisted/pull/1147 [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/ [WEB]
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html [WEB]
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html [WEB]
- https://usn.ubuntu.com/4308-1/ [WEB]
- https://usn.ubuntu.com/4308-2/ [WEB]
- https://www.oracle.com/security-alerts/cpuapr2020.html [WEB]
- https://github.com/advisories/GHSA-65rm-h285-5cc5 [ADVISORY]