*** This bug is a security vulnerability *** Public security bug reported:
ejabberd allows connections through SSLv2 and weak ciphers. It's not possible to change this in the configuration file. Upstream has fixed this in v2.1.12: https://github.com/processone/ejabberd/commit/e06c1c49c14c3f56cf4ddae080514f7802669335 https://github.com/processone/ejabberd/commit/d2d51381ec3fea97d0bd968cd7ffed2364b644c6 ** Affects: ejabberd (Ubuntu) Importance: Undecided Status: New ** Affects: ejabberd (Ubuntu Lucid) Importance: Undecided Status: New ** Affects: ejabberd (Ubuntu Precise) Importance: Undecided Status: New ** Affects: ejabberd (Ubuntu Quantal) Importance: Undecided Status: New ** Affects: ejabberd (Ubuntu Raring) Importance: Undecided Status: New ** Affects: ejabberd (Ubuntu Saucy) Importance: Undecided Status: New ** Also affects: ejabberd (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: ejabberd (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: ejabberd (Ubuntu Saucy) Importance: Undecided Status: New ** Also affects: ejabberd (Ubuntu Quantal) Importance: Undecided Status: New ** Also affects: ejabberd (Ubuntu Raring) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1239307 Title: Allows SSLv2 and weak ciphers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ejabberd/+bug/1239307/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
