From ${URL} :

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6169 to the following vulnerability:

Name: CVE-2013-6169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6169
Assigned: 20131017
Reference: https://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.12/
Reference: DEBIAN:DSA-2775
Reference: http://www.debian.org/security/2013/dsa-2775

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
GLSA vote: no.
CVE-2013-6169 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6169): The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.
GLSA vote: no

@maintainers: please clean up vulnerable versions, thanks
+ 04 Dec 2013; Sergey Popov <pinkbyte@gentoo.org> -ejabberd-2.1.11.ebuild: + Security cleanup, bug #488636