Arora supports SSL3
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
arora (Debian) |
Fix Released
|
Unknown
|
|||
arora (Ubuntu) |
Incomplete
|
Undecided
|
Unassigned |
Bug Description
According to both
https:/
and
https:/
Arora is vulnerable to the POODLE vulnerability. SSL Labs recommends disabling SSL 3 support & debian claims that current and past versions are still vulnerable (though the security impact is "unimportant" ).
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: arora 0.11.0+
ProcVersionSign
Uname: Linux 3.19.0-9-generic x86_64
ApportVersion: 2.16.2-0ubuntu3
Architecture: amd64
CurrentDesktop: GNOME-Classic:GNOME
Date: Tue Mar 17 11:48:28 2015
EcryptfsInUse: Yes
InstallationDate: Installed on 2014-07-09 (250 days ago)
InstallationMedia: Ubuntu-GNOME 14.10 "Utopic Unicorn" - Alpha amd64 (20140708)
SourcePackage: arora
UpgradeStatus: No upgrade log present (probably fresh install)
Changed in arora (Ubuntu): | |
status: | Expired → Incomplete |
Changed in arora (Debian): | |
status: | Unknown → New |
tags: | added: wily |
tags: | added: xenial |
tags: | added: yakkety |
Changed in arora (Debian): | |
status: | New → Fix Released |
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/ /wiki.ubuntu. com/SecurityTea m/UpdateProcedu res