[Secure-testing-team] Bug#652378: CVE-2011-1431 in TLS patch
Moritz Muehlenhoff
jmm at debian.org
Fri Dec 16 21:01:26 UTC 2011
Source: qmail
Severity: important
Tags: security
The source package embeds the qmail TLS patch, which is affected by
this STARTTLS issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1431
It appears as if the TLS patch isn't applied, it makes sense however
to update the patch anyway.
BTW, shouldn't this package be removed altogether now that netqmail
is in the archive?
Cheers,
Moritz
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
More information about the Secure-testing-team
mailing list