Your message dated Wed, 27 Mar 2013 21:02:30 +0100
with message-id <[email protected]>
and subject line Re: Bug#364680: Patched in Firefox
has caused the Debian Bug report #364680,
regarding thunderbird: SSL v2 encryption is insecure, should be disabled by 
default
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
364680: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364680
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: thunderbird
Version: 1.5-4
Severity: grave
Tags: security
Justification: user security hole

SSL v2 encryption has been considered insecure because of design flaws 
and weak ciphers [1], as such security.enable_ssl2 = false should be set
by default. However, currently this package accepts SSL2 by default and 
thus puts users at risk of assuming to be connected through a secure 
connection which is, in fact, not secure. As such, users relying on the
false impression of security given by the application are effectively 
put at risk.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=303849
    http://www.foundstone.com/resources/whitepapers/wp_ssldigger.pdf
    (the last one is a commercial plug but also contains useful info on 
    SSL ciphers)


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-k7
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)

Versions of packages thunderbird depends on:
ii  libatk1.0-0               1.11.3-1       The ATK accessibility toolkit
ii  libc6                     2.3.6-7        GNU C Library: Shared libraries
ii  libcairo2                 1.0.4-1+b1     The Cairo 2D vector graphics libra
ii  libfontconfig1            2.3.2-5.1      generic font configuration library
ii  libgcc1                   1:4.1.0-1+b1   GCC support library
ii  libglib2.0-0              2.10.2-1       The GLib library of C routines
ii  libgtk2.0-0               2.8.16-1       The GTK+ graphical user interface 
ii  libjpeg62                 6b-12          The Independent JPEG Group's JPEG 
ii  libpango1.0-0             1.12.0-2       Layout and rendering of internatio
ii  libpng12-0                1.2.8rel-5     PNG library - runtime
ii  libstdc++6                4.1.0-1+b1     The GNU Standard C++ Library v3
ii  libx11-6                  6.9.0.dfsg.1-6 X Window System protocol client li
ii  libxcursor1               1.1.3-1        X cursor management library
ii  libxext6                  6.9.0.dfsg.1-6 X Window System miscellaneous exte
ii  libxft2                   2.1.8.2-5.1    FreeType-based font drawing librar
ii  libxi6                    6.9.0.dfsg.1-6 X Window System Input extension li
ii  libxinerama1              6.9.0.dfsg.1-6 X Window System multi-head display
ii  libxp6                    6.9.0.dfsg.1-6 X Window System printing extension
ii  libxrandr2                6.9.0.dfsg.1-6 X Window System Resize, Rotate and
ii  libxrender1               1:0.9.0.2-1    X Rendering Extension client libra
ii  libxt6                    6.9.0.dfsg.1-6 X Toolkit Intrinsics
ii  zlib1g                    1:1.2.3-11     compression library - runtime

Versions of packages thunderbird recommends:
ii  myspell-de-at [myspell 20051113-1        Austrian (German) dictionary for m
ii  myspell-de-ch [myspell 20051113-1        Swiss (German) dictionary for mysp
ii  myspell-de-de [myspell 20051113-1        German dictionary for myspell
ii  xprint                 1:0.1.0.alpha1-13 Xprint - the X11 print system (bin

-- debconf information:
* thunderbird/browser: GNOME


--- End Message ---
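
An added example, not part of the bug report or of the Debian package: a Python check that resolves the effective value of security.enable_ssl2 from a shipped defaults file and a profile prefs.js, where a user_pref line overrides a pref line. The file contents are constructed samples, and treating an unset preference as enabled is an assumption taken from the report's statement that the package accepts SSL2 by default.

```python
import re

PREF_NAME = "security.enable_ssl2"  # preference named in the report

# Boolean preference lines: pref("name", true); or user_pref("name", false);
PREF_RE = re.compile(
    r'^\s*(user_pref|pref)\(\s*"([^"]+)"\s*,\s*(true|false)\s*\)\s*;',
    re.MULTILINE,
)
BLOCK_COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)


def parse_bool_prefs(text, kind):
    """Return {name: bool} for lines of the given kind; the last one wins."""
    prefs = {}
    for found_kind, name, value in PREF_RE.findall(BLOCK_COMMENT_RE.sub("", text)):
        if found_kind == kind:
            prefs[name] = value == "true"
    return prefs


def ssl2_state(defaults_text, profile_text, builtin_default=True):
    """Resolve the effective setting: user_pref beats pref beats built-in.

    builtin_default=True is an assumption based on the report (SSL2 is
    accepted when nothing overrides it).
    """
    user = parse_bool_prefs(profile_text, "user_pref")
    shipped = parse_bool_prefs(defaults_text, "pref")
    if PREF_NAME in user:
        return user[PREF_NAME], "profile"
    if PREF_NAME in shipped:
        return shipped[PREF_NAME], "shipped default"
    return builtin_default, "built-in default"


# Constructed sample file contents, not taken from any real package.
SHIPPED_HARDENED = '// distribution defaults\npref("security.enable_ssl2", false);\n'
SHIPPED_SILENT = ('// pref("security.enable_ssl2", false);\n'
                  'pref("example.constructed.pref", true);\n')
PROFILE_OVERRIDE = 'user_pref("security.enable_ssl2", true);\n'
PROFILE_EMPTY = "# Mozilla User Preferences\n"

if __name__ == "__main__":
    for shipped, profile in [(SHIPPED_SILENT, PROFILE_EMPTY),
                             (SHIPPED_HARDENED, PROFILE_EMPTY),
                             (SHIPPED_HARDENED, PROFILE_OVERRIDE)]:
        enabled, source = ssl2_state(shipped, profile)
        print("SSL2 enabled" if enabled else "SSL2 disabled", "via", source)
```

The third case shows why a fixed package default is not sufficient on its own: a profile that already carries an explicit user_pref keeps SSL2 enabled.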
--- Begin Message ---
Version: 3.0.11-1+squeeze15

forwarded 364680 https://bugzilla.mozilla.org/show_bug.cgi?id=364323
thanks

Hello Moritz,

On Tue, Jul 11, 2006 at 01:34:18AM +0200, Moritz Naumann wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi Alex,
> 
> this was just patched in Firefox, see Bug#371153. You were planning to
> look into why SSL2 has not been disabled in the 1.5 series upstream.
> Have you been able to research this, yet?

this vulnerability was fixed in version 3.0 of Thunderbird. So I close
this bug.

Regards
Carsten

--- End Message ---