Your message dated Sat, 09 May 2015 19:02:05 +0000
with message-id <[email protected]>
and subject line Bug#765649: fixed in pound 2.6-6+deb8u1
has caused the Debian Bug report #765649,
regarding can't disable 'Secure Client-Initiated Renegotiation'
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
765649: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pound
Version: 2.6-4
Severity: important
Tags: security
The security check at https://www.ssllabs.com/ssltest/ reports:
Secure Client-Initiated Renegotiation Supported DoS DANGER
It gives a link to the following page:
https://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
There is a setting that looks like it should disable this,
SSLAllowClientRenegotiation. However, the default is disabled, and this
problem occurred. Furthermore, even if I include
"SSLAllowClientRenegotiation 0" in my configuration I still get this
warning.
Thanks.
--
Brian May <[email protected]>
--- End Message ---
--- Begin Message ---
Source: pound
Source-Version: 2.6-6+deb8u1
We believe that the bug you reported is fixed in the latest version of
pound, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <[email protected]> (supplier of updated pound package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 05 May 2015 13:27:06 +0000
Source: pound
Binary: pound
Architecture: source amd64
Version: 2.6-6+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Brett Parker <[email protected]>
Changed-By: Thijs Kinkhorst <[email protected]>
Description:
 pound - reverse proxy, load balancer and HTTPS front-end for Web servers
Closes: 765649
Changes:
 pound (2.6-6+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the security team with maintainer approval.
   * Add missing part of anti_beast patch to fix disabling of client
     renegotiation. (Closes: #765649)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---