Op Wed, Oct 29, 2014 at 11:00:09AM +0100 schreef Julien Cristau: > On Wed, Oct 29, 2014 at 10:45:59 +0100, Joost van Baal-Ilić wrote: > > > package: postfix > > version: 2.9.6-2 > > tag: upstream > > severity: critical > > > > Hi, > > > > The Postfix Debian package ships with a default list of supported TLS > > protocols > > which makes it vulnerable to the POODLE TLS attack: > > > The postfix debian package uses libssl, which has disabled sslv3 in > 1.0.1j-1.
Good to know, thanks. POODLE has been assigned CVE-2014-3566, we have [DSA 3053-1]: jessie and wheezy are fixed. For squeeze one can manually disable SSLv3 in main.cf, as long as there hasn't been released a DLA for squeeze-lts. Bye, Joost
signature.asc
Description: Digital signature

