[Secure-testing-team] Bug#765644: calendarserver: SSLMethod defaults to SSLv3_METHOD

Philipp Busch p.busch at fu-berlin.de
Thu Oct 16 21:28:02 UTC 2014


Package: calendarserver
Version: 3.2+dfsg-4+deb7u1
Severity: grave
Tags: upstream security
Justification: user security hole

Dear Maintainer,

as discussed on the calendarserver ML [1] the default SSLVersion setting makes calendarserver vulnerable to the "POODLE" attack on SSLv3.

Please apply the changes mentioned on the ML.

Cheers
Philipp

[1] https://lists.macosforge.org/pipermail/calendarserver-users/2014-October/002435.html
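
An added example, not part of the original report or of calendarserver's own code: a check of a caldavd configuration plist that treats a missing `SSLMethod` key as the `SSLv3_METHOD` default named in this bug. It assumes `SSLMethod` is a top-level string key holding a pyOpenSSL method name; the sample configurations and the function name are constructed for illustration.

```python
import plistlib

# Default named in this bug's title for the affected package version.
PACKAGE_DEFAULT = "SSLv3_METHOD"

# pyOpenSSL method names mapped to (verdict, note).
METHOD_NOTES = {
    "SSLv2_METHOD": ("fail", "SSLv2 only"),
    "SSLv3_METHOD": ("fail", "SSLv3 only, exposed to POODLE"),
    "SSLv23_METHOD": ("review", "negotiates the version; SSLv3 stays "
                                "available unless disabled through options"),
    "TLSv1_METHOD": ("ok", "TLS 1.0 only"),
}


def audit_ssl_method(plist_bytes):
    """Return (effective_method, source, verdict, note) for a config plist.

    source is "explicit" when the key is present and "default" when the
    server would fall back to PACKAGE_DEFAULT (assumed top-level key).
    """
    config = plistlib.loads(plist_bytes)
    if "SSLMethod" in config:
        method, source = config["SSLMethod"], "explicit"
    else:
        # The case the bug is about: nothing configured, SSLv3 in effect.
        method, source = PACKAGE_DEFAULT, "default"
    if not isinstance(method, str):
        return method, source, "review", "SSLMethod is not a string"
    verdict, note = METHOD_NOTES.get(
        method, ("review", "unrecognised method name"))
    return method, source, verdict, note


# Constructed sample configurations (not taken from a real deployment).
SAMPLE_NO_KEY = plistlib.dumps({"SSLPort": 8443})
SAMPLE_SSLV23 = plistlib.dumps({"SSLPort": 8443, "SSLMethod": "SSLv23_METHOD"})
SAMPLE_TLSV1 = plistlib.dumps({"SSLPort": 8443, "SSLMethod": "TLSv1_METHOD"})

if __name__ == "__main__":
    for name, sample in [("no key", SAMPLE_NO_KEY),
                         ("SSLv23", SAMPLE_SSLV23),
                         ("TLSv1", SAMPLE_TLSV1)]:
        method, source, verdict, note = audit_ssl_method(sample)
        print(f"{name}: {method} ({source}) -> {verdict}: {note}")
```
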


