On Sat, Nov 01, 2014 at 02:45:30PM +0000, Dominic Hargreaves wrote:
> On Mon, Oct 27, 2014 at 09:07:58PM +0100, Sebastian Andrzej Siewior wrote:
> > package: ircd-hybrid
> > version: 1:7.2.2.dfsg.2-10
> > tags: security patch
> > Control: fixed -1 1:8.0.4.dfsg.1-1
> > 
> > So I looked how to disable SSLv3 in ircd-hybrid and didn't find
> > anything. It seems that in the v8 version they disable SSLv2 and SSLv3
> > while in the v7 version they only disable SSLv2.
> > I applied the change at the bottom of this mail to disable SSLv3 in the v7
> > version which is currently in Wheezy.
> > 
> > Giving the fact that one should disable SSLv3 and that this package has
> > to be manually recompiled in order to enable SSL at all - how are the
> > chances that an update hits Wheezy? :)
> 
> This is a question for the security team, but I'd hope that it would be
> considered - indeed the same sort of change has been made before in
> DSAs (for Iceweasel at least, I believe).

The impact doesn't warrant a DSA; please fix this through a point update 
instead.

Cheers,
        Moritz


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to