Your message dated Tue, 05 May 2015 18:24:58 +0000
with message-id <[email protected]>
and subject line Bug#765649: fixed in pound 2.6-6.1
has caused the Debian Bug report #765649,
regarding can't disable 'Secure Client-Initiated Renegotiation'
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
765649: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pound
Version: 2.6-4
Severity: important
Tags: security

The security check at https://www.ssllabs.com/ssltest/ reports:

Secure Client-Initiated Renegotiation Supported   DoS DANGER

It gives a link to the following page:
https://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks

There is a setting that looks like it should disable
this, SSLAllowClientRenegotiation. However the default is disabled, and
this problem occurred. Furthermore, even if I
include "SSLAllowClientRenegotiation 0" in my configuration I still get
this warning.

Thanks.
-- 
Brian May <[email protected]>

--- End Message ---
--- Begin Message ---
Source: pound
Source-Version: 2.6-6.1

We believe that the bug you reported is fixed in the latest version of
pound, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <[email protected]> (supplier of updated pound package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 05 May 2015 13:27:06 +0000
Source: pound
Binary: pound
Architecture: source amd64
Version: 2.6-6.1
Distribution: unstable
Urgency: medium
Maintainer: Brett Parker <[email protected]>
Changed-By: Thijs Kinkhorst <[email protected]>
Description:
 pound      - reverse proxy, load balancer and HTTPS front-end for Web servers
Closes: 765649
Changes:
 pound (2.6-6.1) unstable; urgency=medium
 .
   * Non-maintainer upload by the security team with maintainer approval.
   * Add missing part of anti_beast patch to fix disabling of client
     renegotiation. (Closes: #765649)


--- End Message ---
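
To confirm from the command line that a server you administer no longer honours client-initiated renegotiation after the upgrade, the following added example (not part of the bug report, the pound package or Debian tooling) classifies an `openssl s_client` transcript. The function names `classify_reneg` and `probe_reneg` are hypothetical, the sample transcripts are constructed, and the verdict is a heuristic based on whether an HTTP response follows the `RENEGOTIATING` marker.

```shell
#!/bin/sh
# Added example (not pound or Debian tooling): judge an `openssl s_client`
# transcript after a client-initiated renegotiation attempt. Heuristic only.

# classify_reneg: read a transcript on stdin and print one verdict:
#   accepted     - an HTTP response arrived after RENEGOTIATING
#   refused      - RENEGOTIATING was seen but no response followed
#   inconclusive - renegotiation was never attempted (handshake failed)
classify_reneg() {
    awk '
        /^RENEGOTIATING/      { tried = 1; next }
        tried && /^HTTP\/1\./ { answered = 1 }
        END {
            if (!tried)        print "inconclusive"
            else if (answered) print "accepted"
            else               print "refused"
        }'
}

# probe_reneg HOST [PORT]: run the check against a server you administer.
# TLS 1.2 is forced because TLS 1.3 has no renegotiation.
probe_reneg() {
    host=$1; port=${2:-443}
    { printf 'R\n'; sleep 2; printf 'HEAD / HTTP/1.0\r\n\r\n'; sleep 2; } |
        openssl s_client -connect "$host:$port" -servername "$host" -tls1_2 2>&1 |
        tr -d '\r' | classify_reneg
}

# Constructed transcripts (not captured from a real server).
SAMPLE_ACCEPTED='CONNECTED(00000003)
---
RENEGOTIATING
depth=0 CN = example.test
verify return:1
HTTP/1.0 200 OK
Server: example'

SAMPLE_REFUSED='CONNECTED(00000003)
---
RENEGOTIATING
write:errno=104'

SAMPLE_NO_HANDSHAKE='CONNECTED(00000003)
write:errno=104'
```

A `refused` verdict from `probe_reneg` is the expected result for a listener with `SSLAllowClientRenegotiation 0` once the fixed package is installed.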
