Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20190708050645.GA4714@dmoppert.redhat.com>
Date: Mon, 8 Jul 2019 05:06:45 +0000
From: Doran Moppert <dmoppert@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: [CVE-2019-0231] MINA SSLFilter security Issue

On Sun, Apr 14, 2019 at 08:30:49AM +0200, Emmanuel Lecharny wrote:
>Description: Handling of the close_notify SSL/TLS message does not
>lead to a connection closure, leading the server to retain the socket
>opened and to have the client potentially receive clear-text messages
>which were supposed to be encrypted.
>
>This security issue is fixed by Apache MINA 2.0.21 or Apache MINA
>2.0.21. Please migrate to those new versions.

Hi Emmanuel,

I think the above should read "2.0.21 or Apache MINA 2.1.1".  Is the 
commit fixing the issue 73e881ad9?  I am trying to figure out if our 
products using 1.1 need to consider a back-port.

Thanks,

-- 
Doran Moppert
Red Hat Product Security

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.