Package: emacs23
Severity: serious
Tags: security

Hi,

It has come to my attention that Gnus is using s_client to set up
SSL connections to retrieve email.  Please stop using that.
s_client is a debug tool, it does not set up a secure connection,
it ignores all errors and just continues.  It also doesn't do
checks it should be doing.  This is all documented behaviour.

Please get rid of all documentation, configurations and examples
that tell you how to set it up using s_client.

I've also seen examples adding -ssl2 and -ssl3 which is really
really broken.


Kurt
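
An added example (not part of the bug report and not Emacs code): a small Python audit that finds Emacs Lisp string literals invoking `openssl s_client`, and notes any `-ssl2`/`-ssl3` flags, to help locate the configurations the report asks to be removed. The sample config and the variable names in it are constructed for illustration.

```python
import os

WEAK_FLAGS = {"-ssl2", "-ssl3"}

# Constructed sample init file (not from the report); variable names illustrative.
SAMPLE_CONFIG = r'''
;; old advice: (setq tls-program '("openssl s_client -connect %h:%p"))
(setq imap-ssl-program '("openssl s_client -quiet -ssl3 -connect %s:%p"
                         "openssl s_client -quiet -ssl2 -connect %s:%p"))
(setq tls-program '("gnutls-cli -p %p %h"
                    "/usr/bin/openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
(setq note "he said \"s_client\" is a debug tool")
'''

def elisp_strings(text):
    """Yield (line_no, value) for each string literal, skipping ; comments."""
    i, line, n = 0, 1, len(text)
    while i < n:
        ch = text[i]
        if ch == "\n":
            line += 1
        elif ch == ";":  # comment runs to end of line
            while i + 1 < n and text[i + 1] != "\n":
                i += 1
        elif ch == "?":  # character literal such as ?" or ?\"
            i += 2 if text[i + 1:i + 2] == "\\" else 1
        elif ch == '"':
            start, buf = line, []
            i += 1
            while i < n and text[i] != '"':
                if text[i] == "\\" and i + 1 < n:
                    i += 1  # keep the escaped character, drop the backslash
                line += text[i] == "\n"
                buf.append(text[i])
                i += 1
            yield start, "".join(buf)
        i += 1

def audit(text):
    """Return (line, command, weak_flags) for each string that runs s_client."""
    findings = []
    for line, value in elisp_strings(text):
        words = value.split()
        if any(os.path.basename(a) == "openssl" and b == "s_client"
               for a, b in zip(words, words[1:])):
            findings.append((line, value, sorted(WEAK_FLAGS.intersection(words))))
    return findings

if __name__ == "__main__":
    for line, command, weak in audit(SAMPLE_CONFIG):
        print(f"line {line}: {command!r} weak flags: {weak or 'none'}")
```

Commented-out settings and strings that merely mention s_client are not reported; only string literals that would actually run it are.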

