[Bug 1153839] New: CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption

Thursday, 16 October 2014

https://bugzilla.redhat.com/show_bug.cgi?id=1153839

            Bug ID: 1153839
           Summary: CVE-2014-8760 ejabberd: clients can unexpectedly
                    connect without encryption
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team(a)redhat.com
          Reporter: mmcallis(a)redhat.com
                CC: erlang(a)lists.fedoraproject.org,
                    extras-orphan(a)fedoraproject.org, jkaluza(a)redhat.com,
                    lemenkov(a)gmail.com, martin(a)laptop.org,
                    mmahut(a)redhat.com

It was reported that clients could unexpectedly connect without encryption:

http://mail.jabber.org/pipermail/operators/2014-October/002438.html

Upstream fix (master):

https://github.com/processone/ejabberd/commit/7bdc1151b

References:
http://seclists.org/oss-sec/2014/q4/312

-- 
You are receiving this mail because:
You are on the CC list for the bug.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[Bug 1153839] New: CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption