Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-6169

The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.

Related bugs and status

CVE-2013-6169 (Candidate) is related to these bugs:

Bug #1239307: Allows SSLv2 and weak ciphers

		In	Importance	Status
1239307	Allows SSLv2 and weak ciphers	ejabberd (Ubuntu)	Undecided	Fix Released
1239307	Allows SSLv2 and weak ciphers	ejabberd (Ubuntu Lucid)	Undecided	Won't Fix
1239307	Allows SSLv2 and weak ciphers	ejabberd (Ubuntu Precise)	Undecided	Fix Released
1239307	Allows SSLv2 and weak ciphers	ejabberd (Ubuntu Saucy)	Undecided	Fix Released
1239307	Allows SSLv2 and weak ciphers	ejabberd (Ubuntu Quantal)	Undecided	Fix Released
1239307	Allows SSLv2 and weak ciphers	ejabberd (Ubuntu Raring)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.process-on...
DEBIAN: DSA-2775