Hi, I forgot to attach a debdiff in the bugreport. Sorry for that. Now it's attached.
Regards, Tino
diff -Nru syncevolution-1.4.99.4/debian/changelog syncevolution-1.4.99.4/debian/changelog --- syncevolution-1.4.99.4/debian/changelog 2014-10-26 14:43:18.000000000 +0100 +++ syncevolution-1.4.99.4/debian/changelog 2014-12-04 22:46:12.000000000 +0100 @@ -1,3 +1,9 @@ +syncevolution (1.4.99.4-3) unstable; urgency=medium + + * Use TLS instead of SSLv3 in SyncML server script (Closes: #772040) + + -- Tino Mettler <tino+deb...@tikei.de> Thu, 04 Dec 2014 22:44:49 +0100 + syncevolution (1.4.99.4-2) unstable; urgency=medium * Fix FTBFS on kfreebsd due to missing SOCK_CLOEXEC diff -Nru syncevolution-1.4.99.4/debian/patches/0001-Fix-FTBFS-on-kfreebsd-due-to-missing-SOCK_CLOEXEC.patch syncevolution-1.4.99.4/debian/patches/0001-Fix-FTBFS-on-kfreebsd-due-to-missing-SOCK_CLOEXEC.patch --- syncevolution-1.4.99.4/debian/patches/0001-Fix-FTBFS-on-kfreebsd-due-to-missing-SOCK_CLOEXEC.patch 2014-10-26 14:13:38.000000000 +0100 +++ syncevolution-1.4.99.4/debian/patches/0001-Fix-FTBFS-on-kfreebsd-due-to-missing-SOCK_CLOEXEC.patch 2014-12-04 22:46:46.000000000 +0100 @@ -47,5 +47,5 @@ GuardFD childfd(fds[1]); -- -2.0.1 +2.1.3 diff -Nru syncevolution-1.4.99.4/debian/patches/0002-Use-TLS-instead-of-SSLv3-in-SyncML-server-script.patch syncevolution-1.4.99.4/debian/patches/0002-Use-TLS-instead-of-SSLv3-in-SyncML-server-script.patch --- syncevolution-1.4.99.4/debian/patches/0002-Use-TLS-instead-of-SSLv3-in-SyncML-server-script.patch 1970-01-01 01:00:00.000000000 +0100 +++ syncevolution-1.4.99.4/debian/patches/0002-Use-TLS-instead-of-SSLv3-in-SyncML-server-script.patch 2014-12-04 22:46:46.000000000 +0100 @@ -0,0 +1,30 @@ +From 7d2802314406b0d6218bd04889667e38710b414d Mon Sep 17 00:00:00 2001 +From: Tino Mettler <tino+deb...@tikei.de> +Date: Thu, 4 Dec 2014 17:11:22 +0100 +Subject: [PATCH] Use TLS instead of SSLv3 in SyncML server script + +This fixes a potential security risk. It also avoids connection problems +with clients that don't support SSLv3 anymore, like the syncevolution SyncML +client itself. + +Closes: #772040 +--- + test/syncevo-http-server.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/syncevo-http-server.py b/test/syncevo-http-server.py +index 57210ae..6c14088 100755 +--- a/test/syncevo-http-server.py ++++ b/test/syncevo-http-server.py +@@ -40,7 +40,7 @@ timeout=100000 + + class ChainedOpenSSLContextFactory(ssl.DefaultOpenSSLContextFactory): + def __init__(self, privateKeyFileName, certificateChainFileName, +- sslmethod = SSL.SSLv3_METHOD): ++ sslmethod = SSL.TLSv1_METHOD): + """ + @param privateKeyFileName: Name of a file containing a private key + @param certificateChainFileName: Name of a file containing a certificate chain +-- +2.1.3 + diff -Nru syncevolution-1.4.99.4/debian/patches/series syncevolution-1.4.99.4/debian/patches/series --- syncevolution-1.4.99.4/debian/patches/series 2014-10-26 14:13:38.000000000 +0100 +++ syncevolution-1.4.99.4/debian/patches/series 2014-12-04 22:46:46.000000000 +0100 @@ -1,2 +1,3 @@ # debian/source/git-patches exported from git by quilt-patches-deb-export-hook 0001-Fix-FTBFS-on-kfreebsd-due-to-missing-SOCK_CLOEXEC.patch +0002-Use-TLS-instead-of-SSLv3-in-SyncML-server-script.patch