Your message dated Thu, 05 Feb 2015 09:29:41 +0530
with message-id <[email protected]>
and subject line Done: calendarserver: SSLMethod defaults to SSLv3_METHOD
has caused the Debian Bug report #765644,
regarding calendarserver: SSLMethod defaults to SSLv3_METHOD
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
765644: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765644
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: calendarserver
Version: 3.2+dfsg-4+deb7u1
Severity: grave
Tags: upstream security
Justification: user security hole
Dear Maintainer,
as discussed on the calendarserver ML [1] the default SSLVersion setting makes
calendarserver vulnerable to the "POODLE" attack on SSLv3.
Please apply the changes mentioned on the ML.
Cheers
Philipp
[1]
https://lists.macosforge.org/pipermail/calendarserver-users/2014-October/002435.html
--- End Message ---
--- Begin Message ---
Package: calendarserver
--- Please enter the report below this line. ---
This bug has been fixed in version 5.2.2+dfsg-2
<https://packages.debian.org/source/unstable/calendarserver>
--- End Message ---
