Op Wed, Oct 29, 2014 at 11:00:09AM +0100 schreef Julien Cristau:
> On Wed, Oct 29, 2014 at 10:45:59 +0100, Joost van Baal-Ilić wrote:
> 
> > package: postfix
> > version: 2.9.6-2
> > tag: upstream
> > severity: critical
> > 
> > Hi,
> > 
> > The Postfix Debian package ships with a default list of supported TLS 
> > protocols
> > which makes it vulnerable to the POODLE TLS attack:
> > 
> The postfix debian package uses libssl, which has disabled sslv3 in
> 1.0.1j-1.

Good to know, thanks.

POODLE has been assigned CVE-2014-3566, we have [DSA 3053-1]: jessie and wheezy
are fixed.  For squeeze one can manually disable SSLv3 in main.cf, as long as
there hasn't been released a DLA for squeeze-lts.

Bye,

Joost

Attachment: signature.asc
Description: Digital signature

Reply via email to