This release also fixes a security issue, where channel binding, which connects the authentication layer (i.e. SASL) with the security layer (i.e. TLS) to detect man-in-the-middle attacks, could be used on connections encrypted with TLS 1.3, despite the holy texts declaring this undefined. mod_saslauth: Disable ‘tls-unique’ channel binding with TLS 1.3 (#1542)
x86 stable
amd64 stable
arm done
arm64 done all arches done
Please cleanup, thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe2a2471c237640b00095779a694b21b0d336027 commit fe2a2471c237640b00095779a694b21b0d336027 Author: Conrad Kostecki <conikost@gentoo.org> AuthorDate: 2021-03-01 19:43:12 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2021-03-01 19:43:12 +0000 net-im/prosody: drop old version Bug: https://bugs.gentoo.org/771144 Package-Manager: Portage-3.0.16, Repoman-3.0.2 Signed-off-by: Conrad Kostecki <conikost@gentoo.org> net-im/prosody/Manifest | 1 - net-im/prosody/files/prosody-0.11.7-bit32.patch | 20 ----- net-im/prosody/prosody-0.11.7-r101.ebuild | 106 ------------------------ 3 files changed, 127 deletions(-)
Added to an existing GLSA request.
This issue was resolved and addressed in GLSA 202105-15 at https://security.gentoo.org/glsa/202105-15 by GLSA coordinator Thomas Deutschmann (whissi).