thr3ads.net - Secure testing team - [Secure-testing-team] Bug#652378: CVE-2011-1431 in TLS patch [Dec 2011]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Moritz Muehlenhoff

2011-Dec-16 21:01 UTC

[Secure-testing-team] Bug#652378: CVE-2011-1431 in TLS patch

Source: qmail
Severity: important
Tags: security

The source package embeds the qmail TLS patch, which is affected by
this STARTTLS issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1431

It appears as if the TLS patch isn''t applied, it makes sense however
to update the patch anyway.

BTW, shouldn''t this package be removed altogether now that netqmail
is in the archive?

Cheers,
        Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, ''unstable'')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Secure testing team - Dec 2011 - Bug#652378: CVE-2011-1431 in TLS patch

[Secure-testing-team] Bug#652378: CVE-2011-1431 in TLS patch