Source: ruby-mina Version: 1.1.7.dfsg-13 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: found -1 1.1.7.dfsg-14
Hi, The following vulnerability was published for mina. CVE-2019-0231[0]: | Handling of the close_notify SSL/TLS message does not lead to a | connection closure, leading the server to retain the socket opened | and to have the client potentially receive clear text messages | afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 | users should migrate to 2.1.1. This issue affects: Apache MINA. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-0231 https://www.cve.org/CVERecord?id=CVE-2019-0231 Regards, Salvatore
