More updates.
Unfortunately, it's going to be pretty invasive to try and fix this in
pre-1.0 versions of the ZNC package, because the CSocket changes won't
apply cleanly, and I am not familiar enough to make the changes to make
it work. As well, upstream in Debian, their security team
representative, over emails, has stated that it's too invasive for them
to include in anything other than 1.4-1 which is in Wheezy and Sid.
Because I've failed to get this to build in anything before ZNC 1.0, I'm
going to "Won't Fix" this for Precise, which has 0.206.
I'm still working on Trusty, Utopic, and Vivid, but with Vivid I'm more
likely to request a merge or sync once Debian updates with the changes
to enable SSL protocol selection.
** Changed in: znc (Ubuntu Precise)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1389264
Title:
ZNC SSL listeners are vulnerable to POODLE.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/znc/+bug/1389264/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
