[Bug 1383415] [NEW] Incorrect use of SSL options
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Oct 20 18:08:38 UTC 2014
*** This bug is a security vulnerability ***
Public security bug reported:
The following commit is incorrect:
https://github.com/apache/spamassassin/commit/87caaa37615318eaa8940a5c6f3d6065cedd86d1
This makes spamassassin use SSLv3 by default, and does _not_ do what is
documented:
"The default, B<sslv3>, is the most flexible, accepting a SSLv3 or
higher hello handshake, then negotiating use of SSLv3 or TLSv1
protocol if the client can accept it."
** Affects: spamassassin
Importance: Unknown
Status: Unknown
** Affects: spamassassin (Ubuntu)
Importance: Undecided
Status: New
** Bug watch added: SpamAssassin Bugzilla #7093
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=7093
** Also affects: spamassassin via
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=7093
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to spamassassin in Ubuntu.
https://bugs.launchpad.net/bugs/1383415
Title:
Incorrect use of SSL options
To manage notifications about this bug go to:
https://bugs.launchpad.net/spamassassin/+bug/1383415/+subscriptions
More information about the Ubuntu-server-bugs
mailing list