changeset 28537:62edf13f815b

Add the XMPP SSL/TLS bug to the ChangeLog
author Mark Doliner <mark@kingant.net>
date Thu, 03 Sep 2009 18:20:53 +0000
parents 5a1d215211e2
children c4a14bbe1b18
files ChangeLog
diffstat 1 files changed, 3 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Thu Sep 03 16:17:12 2009 +0000
+++ b/ChangeLog	Thu Sep 03 18:20:53 2009 +0000
@@ -26,6 +26,9 @@
 	  room@conference.example.net is a MUC.
 	* Don't crash when receiving "smileyfied" XHTML-IM from clients that don't
 	  support bits of binary (ie. when getting an empty <data/> in return)
+	* Fix bug where SSL/TLS was not required even though the
+	  "require SSL/TLS" preference checked when connecting to servers
+	  that use the older iq-based authentication.  (CVE-2009-3026)
 
 	Yahoo!/Yahoo! JAPAN:
 	* Accounts now have "Use account proxy for SSL connections" option.  This