Package: libduo3 Version: 1.8-1 Severity: normal Dear Maintainer,
yesterday I got an email from Duo Security Support saying: "To ensure your Duo-protected services remain operational, you must upgrade the Duo integration software associated with each affected service by June 30, 2014." "Every integration communicates with Duo’s service over SSL. Several integrations add an additional layer of protection to SSL by implementing Certificate Authority (CA) pinning. Due to changes in agreements between certificate authorities and evolving best practices in the industry, Duo is updating our list of trusted certificates. Our old list will no longer be supported by certificate authorities in July 2014. The new list also contains stronger certificates for increased resilience against attack." https://www.duosecurity.com/docs/integration_certification_upgrade Maybe you could just backport libduo3 1.9.6-1 from jessie to wheezy? Many thanks in advance! :) -- System Information: Debian Release: 7.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (x86_64) Foreign Architectures: amd64 Kernel: Linux 3.12-0.bpo.1-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libduo3 depends on: ii libc6 2.13-38+deb7u1 ii libpam0g 1.1.3-7.1 ii libssl1.0.0 1.0.1e-2+deb7u9 ii multiarch-support 2.13-38+deb7u1 libduo3 recommends no packages. libduo3 suggests no packages. -- no debconf information -- Mit freundlichen Grüßen, Jörg Ludwig IServ GmbH Bültenweg 73 38106 Braunschweig Telefon: 0531-2243666-0 Fax: 0531-2243666-9 Mobil: 0179-9101055 E-Mail: joerg.lud...@iserv.eu Internet: www.iserv.eu USt.-IdNr.: DE265149425 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
