2 matches found
curl: SMTP connection reuse ignores --ssl-reqd / CURLOPT_USE_SSL and reuses a clear-text STARTTLS session on current master
Summary: Current master reintroduces a STARTTLS connection-reuse bug in SMTP. After commit 91dcf4e610 url: urlmatchdestination fix, curl/libcurl can reuse an already-established clear-text smtp:// session for a later logical request that explicitly requires TLS via --ssl-reqd or CURLOPTUSESSL =...
openSUSE Security Update : telepathy-gabble (openSUSE-SU-2013:1013-1)
This update of telepathy-gabble fixes a TLS bypass problem. Changes in telepathy-gabble : - Add telepathy-gabble-cve-2013-1431.patch bnc822586. This makes it respect the TLS-required flag on legacy Jabber servers. Identified as CVE-2013-1431. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. T...