Package: thunderbird
Version: 1.5-4
Severity: grave
Tags: security
Justification: user security hole
SSL v2 encryption has been considered insecure because of design flaws and weak ciphers [1]; as such, security.enable_ssl2 = false should be set by default. However, currently this package accepts SSL2 by default and thus puts users at risk of assuming to be connected through a secure connection which is, in fact, not secure. As such, users relying on the false impression of security given by the application are effectively put at risk.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=303849
    http://www.foundstone.com/resources/whitepapers/wp_ssldigger.pdf
    (the last one is a commercial plug but also contains useful info on SSL ciphers)

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-k7
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages thunderbird depends on:
ii  libatk1.0-0     1.11.3-1        The ATK accessibility toolkit
ii  libc6           2.3.6-7         GNU C Library: Shared libraries
ii  libcairo2       1.0.4-1+b1      The Cairo 2D vector graphics libra
ii  libfontconfig1  2.3.2-5.1       generic font configuration library
ii  libgcc1         1:4.1.0-1+b1    GCC support library
ii  libglib2.0-0    2.10.2-1        The GLib library of C routines
ii  libgtk2.0-0     2.8.16-1        The GTK+ graphical user interface
ii  libjpeg62       6b-12           The Independent JPEG Group's JPEG
ii  libpango1.0-0   1.12.0-2        Layout and rendering of internatio
ii  libpng12-0      1.2.8rel-5      PNG library - runtime
ii  libstdc++6      4.1.0-1+b1      The GNU Standard C++ Library v3
ii  libx11-6        6.9.0.dfsg.1-6  X Window System protocol client li
ii  libxcursor1     1.1.3-1         X cursor management library
ii  libxext6        6.9.0.dfsg.1-6  X Window System miscellaneous exte
ii  libxft2         2.1.8.2-5.1     FreeType-based font drawing librar
ii  libxi6          6.9.0.dfsg.1-6  X Window System Input extension li
ii  libxinerama1    6.9.0.dfsg.1-6  X Window System multi-head display
ii  libxp6          6.9.0.dfsg.1-6  X Window System printing extension
ii  libxrandr2      6.9.0.dfsg.1-6  X Window System Resize, Rotate and
ii  libxrender1     1:0.9.0.2-1     X Rendering Extension client libra
ii  libxt6          6.9.0.dfsg.1-6  X Toolkit Intrinsics
ii  zlib1g          1:1.2.3-11      compression library - runtime

Versions of packages thunderbird recommends:
ii  myspell-de-at [myspell  20051113-1         Austrian (German) dictionary for m
ii  myspell-de-ch [myspell  20051113-1         Swiss (German) dictionary for mysp
ii  myspell-de-de [myspell  20051113-1         German dictionary for myspell
ii  xprint                  1:0.1.0.alpha1-13  Xprint - the X11 print system (bin

-- debconf information:
* thunderbird/browser: GNOME
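
An added example, not part of the original report or of the thunderbird package: a small Python check that works out whether security.enable_ssl2 is effectively enabled for a profile. It assumes the usual Mozilla preference-file syntax (pref(...) / user_pref(...) lines), that later files such as user.js override earlier ones such as prefs.js, and that an unset preference falls back to the package default described in the report; the sample file contents are constructed.

```python
import re

PREF = "security.enable_ssl2"
# Matches pref("name", value); and user_pref("name", value); lines.
PREF_RE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def parse_prefs(text):
    """Return {name: raw value} from one prefs file; the last assignment wins."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop block comments
    prefs = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("//", "#")):  # commented-out lines do not count
            continue
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def ssl2_enabled(layers, package_default=True):
    """Effective value of the pref.

    layers: file contents in increasing precedence (e.g. prefs.js, then user.js).
    package_default=True reflects the report: 1.5-4 accepts SSL2 unless told not to.
    """
    value = package_default
    for text in layers:
        raw = parse_prefs(text).get(PREF)
        if raw is not None:
            value = raw.lower() == "true"
    return value


# Constructed sample profile files (not taken from a real system).
PREFS_JS = '''# Mozilla User Preferences
/* Do not edit this file. */
user_pref("example.constructed.pref", 1);
// user_pref("security.enable_ssl2", false);
'''
USER_JS = 'user_pref("security.enable_ssl2", false);\n'

if __name__ == "__main__":
    print("prefs.js only:      SSL2 enabled =", ssl2_enabled([PREFS_JS]))
    print("prefs.js + user.js: SSL2 enabled =", ssl2_enabled([PREFS_JS, USER_JS]))
```

A profile that never mentions the preference, or only mentions it in a comment, inherits the package default, which is why the report asks for the default itself to be changed.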