See https://weechat.org/doc/security/WSA-2022-1/ From weechat-security: """ Hi all, A security vulnerability has been fixed in WeeChat 3.4.1, which was released yesterday: after changing some GnuTLS options, the server certificate is not verified any more on new TLS connections. This vulnerability affects WeeChat versions from 3.2 to 3.4. For more information, see the WeeChat Security Advisory (WSA): https://weechat.org/doc/security/WSA-2022-1/ """
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=070770b2348f6ea58dc29c66042b9eaa82d64f4d commit 070770b2348f6ea58dc29c66042b9eaa82d64f4d Author: Jonathan Davies <jpds@protonmail.com> AuthorDate: 2022-03-15 13:50:03 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-03-16 17:04:30 +0000 net-irc/weechat: Version updated to 3.4.1. Bug: https://bugs.gentoo.org/835133 Signed-off-by: Jonathan Davies <jpds@protonmail.com> Signed-off-by: Sam James <sam@gentoo.org> net-irc/weechat/Manifest | 1 + net-irc/weechat/weechat-3.4.1.ebuild | 178 +++++++++++++++++++++++++++++++++++ 2 files changed, 179 insertions(+)
