Launchpad.net

CVE 2013-4488

libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.

See the CVE page on Mitre.org for more details.