-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2775-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
October 10, 2013                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ejabberd
Vulnerability  : insecure SSL usage
Problem type   : remote
Debian-specific: no
Debian Bug     : 722105

It was discovered that ejabberd, a Jabber/XMPP server, uses SSLv2 and
weak ciphers for communication, which are considered insecure. The
software offers no runtime configuration options to disable these. This
update disables the use of SSLv2 and weak ciphers.

The updated package for Debian 7 (wheezy) also contains auxiliary
bugfixes originally staged for the next stable point release.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.1.5-3+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in
version 2.1.10-4+deb7u1.

For the testing distribution (jessie), and unstable distribution (sid),
this problem will be fixed soon.

We recommend that you upgrade your ejabberd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJSVuPYAAoJEFb2GnlAHawE5KQIAI4W5gLNB2Z2qLG53SU25OTr
El4qltM8AXRQGTaacAVTD+0uz83968lDadvyMTeRiXCh2ScrFzJsrNmPrBgYbFb8
TAwtZDvo2sY/fhsSbECO/9LzopWlC5a4ry14xFC2ta5GEfx+z4RW8R5YHvS5bc1U
k3fSK1egJt4T9aW+pNvPLDU27qOxNtyoyE8b1LMWyzFmlE5ePy7lroXpolviSU0D
qMGGTHeZAPDRVzvHZiWoYs2uEkVich7x8lZB2sufrXkvJbwKkqHpnQ9fMx7+RGJe
2vPAqMmmnEWHgMOcYuEVoQD1BMTyDko3sF4D7BDmbYMAPp/KFfYDbnjjpv1sziI=
=fCbm
-----END PGP SIGNATURE-----