Package: calendarserver Version: 3.2+dfsg-4+deb7u1 Severity: grave Tags: upstream security Justification: user security hole
Dear Maintainer, as discussed on the calendarserver ML [1] the default SSLVersion setting makes calendarserver vulnerable to the "POODLE" attack on SSLv3. Please apply the changes mentioned on the ML. Cheers Philipp [1] https://lists.macosforge.org/pipermail/calendarserver-users/2014-October/002435.html -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
