Your message dated Thu, 17 Dec 2015 08:42:34 -0400
with message-id <[email protected]>
and subject line fixed?
has caused the Debian Bug report #794494,
regarding postfix: Uses obsolete and insecure ciphers and SSL versions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
794494: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794494
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: postfix
Version: 2.11.3-1
Severity: important
This is the text of the upstream announcement:
[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.0.2.html]
Postfix stable release 3.0.2 is available, as well as legacy releases 2.11.6,
2.10.8, and 2.9.14.
With all supported Postfix releases, the default settings have been updated so
that they no longer enable export-grade ciphers, and no longer enable the
SSLv2 and SSLv3 protocols. These ciphers and protocols have little if any
legitimate use today, and have instead become a vehicle for downgrade attacks.
There are no other code changes.
Postfix documentation has been updated to reflect the new default settings
and their rationale; the RELEASE_NOTES give suggestions for how to enable the
old ciphers and protocols if your infrastructure requires them.
Finally, abandoning deprecated ciphers and protocols does not really improve
TLS security without measures to better authenticate remote servers. Secure
DNS and TLSA are steps in that direction.
--- End Message ---
--- Begin Message ---
Hi Axel;
Since the source package changed upstream to one elpa package (and thus
one binary), I guess this bug is in some sense fixed. If you think "net"
is the wrong section for (the new) elpa-circe, feel free to re-open /
re-title.
d
--- End Message ---
