Alpine uses an insecure connection after a /tls is sent in certain circumstances
Bug #1953238 reported by
Todd Taft
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| alpine (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Issue has CVE 2020-14929
https:/
A newer upstream package version has fixed this issue in more recent Ubuntu releases, but this issue is not resolved in the older releases, including the current LTS release (focal).
The easiest fix is probably just rebuilding and releasing one of the newer versions to all currently supported Ubuntu versions.
CVE References
| tags: | added: focal |
Revision history for this message
| Marc Deslauriers (mdeslaur) wrote | #1 |
| information type: | Private Security → Public Security |
| tags: | added: community-security |
To post a comment you must log in.
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/