sieve-connect security update to 0.85
Bug #1169349 reported by
Phil Pennock
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sieve-connect (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
I'm the author of sieve-connect. Version 0.85 is a security update. More details in the announcement on the announcements mailing-list.
http://
Sorry for the inconvenience.
Short version: failure to verify TLS certificate against the hostname (API confusion and stupidity on my part).
CVE References
information type: | Private Security → Public |
To post a comment you must log in.
Since sieve-connect is in Universe, it is maintained by the community: anyone can prepare debdiffs for updating any of our releases.
We prefer updates to be minimal where possible -- which ought to be fine, since libio-socket- ssl-perl is version 1.31-1 in our oldest supported distribution, 10.04 LTS -- if you're able to prepare a minimal patch for our releases, that would be best. (It _is_ possible to get an exception for just taking full releases, see https:/ /wiki.ubuntu. com/StableRelea seUpdates/ MicroReleaseExc eptions for details.)
Thanks