{"id":"DEBIAN-CVE-2012-5524","details":"The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.","modified":"2026-04-28T20:12:08.978341Z","published":"2014-02-08T00:55:05.910Z","upstream":["CVE-2012-5524"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2012-5524"}],"affected":[{"package":{"name":"gajim","ecosystem":"Debian:11","purl":"pkg:deb/debian/gajim?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.15.4-1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-5524.json"}},{"package":{"name":"gajim","ecosystem":"Debian:12","purl":"pkg:deb/debian/gajim?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.15.4-1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-5524.json"}},{"package":{"name":"gajim","ecosystem":"Debian:13","purl":"pkg:deb/debian/gajim?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.15.4-1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-5524.json"}},{"package":{"name":"gajim","ecosystem":"Debian:14","purl":"pkg:deb/debian/gajim?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.15.4-1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-5524.json"}}],"schema_version":"1.7.5"}