Control: tags -1 + confirmed On Tue, 2020-05-26 at 12:33 +0300, Sergei Golovan wrote: > Recently, a weak ciphers vulnerability was discovered in the Yaws web > server, and reported as CVE-2020-12872 (see [1] and [2]). > It turnes out that Yaws uses the default ciphers provided by Erlang, > so I think it's better to fix this bug there. If we consider only > Erlang packages in stretch, buster, bullseye/sid then only the > version in stretch is vulnerable, so I'd like to propose an update > for it.
Please go ahead. Regards, Adam
