[Bug 1153839] New: CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1153839

            Bug ID: 1153839
           Summary: CVE-2014-8760 ejabberd: clients can unexpectedly
                    connect without encryption
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-t...@redhat.com
          Reporter: mmcal...@redhat.com
                CC: erlang@lists.fedoraproject.org,
                    extras-orp...@fedoraproject.org, jkal...@redhat.com,
                    lemen...@gmail.com, mar...@laptop.org,
                    mma...@redhat.com



It was reported that clients could unexpectedly connect without encryption:

http://mail.jabber.org/pipermail/operators/2014-October/002438.html

Upstream fix (master):

https://github.com/processone/ejabberd/commit/7bdc1151b

References:
http://seclists.org/oss-sec/2014/q4/312

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
erlang mailing list
erlang@lists.fedoraproject.org
https://lists.fedoraproject.org/mailman/listinfo/erlang