Package: jabberd2 Version: 2.4.0-1~bpo8+1 Justification: user security hole Severity: grave Tags: security
I am sorry to report this, but the users of jabberd2 should now that there is no encryption possible with this package. An configuration with encryption settings is ignored and an unencrypted connection is opened without warnings. I could verify this in an wireshark session. Wasting many time to get it running with a working TLS i had to give up. There is no interest from the developer to solve the problem. Please refer to this bugs that include further links: https://github.com/jabberd2/jabberd2/issues/137 https://github.com/jabberd2/jabberd2/issues/141 Regards Karsten