Based on the report against the test tool, unless this issue is
validated with the current version of the tool released in May 2017,
it's a false positive. It's not clear there's any kind of bug at all.
** Changed in: postfix (Ubuntu)
Importance: Critical => Undecided
** Changed in: postfix
This item seems hard to make really actionable, looking at how long nothing
has happened. So I was looking around for other examples.
It might be overly cautious, as mentioned, but also just a false positive like
[1].
It is quite possible that this was the reason this showed up.
[1]:
I can't expect that from anybody, but if someone can test with latest
master against Trusty and Xenial that would be great.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1591706
Title:
postfix is
** Changed in: postfix (Ubuntu)
Status: New => Confirmed
--
The same vulnerability is reported for Postfix 3.1.0 under Ubuntu
16.04.1. But I am not sure this is a real vulnerability or merely an
overly-cautious report. Some info at
http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html.
--
** Changed in: postfix (Ubuntu)
Importance: Undecided => Critical
--
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1591706
Title:
postfix is vulnerable to "Secure Client-Initiated Renegotiation" DoS