CVE-2011-1428

Name	CVE-2011-1428
Description	Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-2598-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
weechat (PTS)	jessie, jessie (lts)	1.0.1-1+deb8u4	fixed
	stretch (security), stretch (lts), stretch	1.6-1+deb9u3	fixed
	buster	2.3-1+deb10u1	fixed
	bullseye	3.0-1+deb11u1	fixed
	bookworm	3.8-1	fixed
	sid, trixie	4.1.1-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
weechat	source	squeeze	0.3.2-1+squeeze1		DSA-2598-1
weechat	source	(unstable)	0.3.5-1