Hi,
On 2014-07-04 15:02, Debian Queue Viewer wrote:
+quassel (0.8.0-1+deb7u2) wheezy; urgency=medium
+
+ The certificate in /var/lib/quassel/quasselCert.pem was accessible
by
+ all local users on this server which allows users to decipher
traffic between
+ quassel core and connected clients.
+ We suggest to generate a new certificate to ensure secure
communication.
+
+ -- Thomas Mueller <[email protected]> Thu, 03 Jul 2014 14:42:18
+0200
It appears that this issue also applies to the quassel package in
unstable, and has not been fixed there. What's the plan for getting that
resolved? (I'm also curious as to whether this would have been better
suited to a security upload, fwiw.)
For future reference, where the issue affects both stable and unstable,
it's expected that the fix will be applied to unstable before looking at
an upload to stable (the security team may be happy to accept fixes in
advance of sid being fixed, but they can also release regression fixes
much more quickly).
Regards,
Adam
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive:
https://lists.debian.org/[email protected]
