[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2014-3596 insecure certificate validation

On Thu, Oct 02, 2014 at 12:34:12PM +0200, Markus Koschany wrote:
> On 02.10.2014 08:39, Salvatore Bonaccorso wrote:
> > Hi Markus
> > 
> > As mentioned in [1,2] we do not use anymore the RT queues (a change from
> > DSA to disable them completely is pending).
> > 
> >  [1] https://wiki.debian.org/rt.debian.org#Security_Team
> >  [2] https://lists.debian.org/debian-devel-announce/2014/03/msg00004.html
> > 
> > I'm resending this to the team alias (no time myself to look into it
> > right now).
> 
> Hi Salvatore,
> 
> thanks for the heads-up. I forgot about this change. I cannot upload the
> package myself but Miguel Landaeta is willing to sponsor it. I just
> wanted to check with the security team if this vulnerability warrants a
> DSA before we upload axis to wheezy-security.

Thanks for getting in touch with us! Please fix this through a point update.

Cheers,
        Moritz
Reply to: