[contribteam] [Bug 8715] Zarafa <= 7.1 vulnerable to POODLE (SSLv3)

bugzilla-daemon Thu, 04 Dec 2014 06:49:09 -0800

==================================================================
  Please DO NOT REPLY to this mail or send email to the developers
  about this bug. Please follow-up to Bugzilla using this link:
    http://bugs.contribs.org/show_bug.cgi?id=8715


  Have you checked the Frequently Asked Questions (FAQ)?
    http://wiki.contribs.org/SME_Server:Documentation:FAQ

  Please also take the time to read the following useful guide:
    http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
==================================================================

            Bug ID: 8715
           Summary: Zarafa <= 7.1 vulnerable to POODLE (SSLv3)
    Classification: Contribs
           Product: SME Contribs
           Version: 9.0
          Hardware: ---
                OS: ---
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: smeserver-zarafa-unix
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]

All Zarafa versions are vulnerable to POODLE, SSLv3.

The usage of SSLv3 is hard coded in the Zarafa daemons. This will likely change
with the upcoming ZCP7.2.x release. With this release new parameters will be
introduced that require changes to the custom templates of the zarafa contrib.

More info here:
https://lists.fedoraproject.org/pipermail/zarafa-announce/2014-October/000058.html

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at http://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 8715] Zarafa <= 7.1 vulnerable to POODLE (SSLv3)

Reply via email to