SurgeMail Archive: Re: [SurgeMail List] OpenSSL Security Advisory

Subject:	Re: [SurgeMail List] OpenSSL Security Advisory
From:	Surgemail Support (Marijn)
Date:	06-Jun-2014
I'll discuss with chris when he returns (after being away for the weekend), but for now here are some latest specials builds for linux32 / linux64 and windows that are built against the very latest openssl version that should resolve this: ftp://netwinsite.com/pub/surgemail/specials as per: http://netwinsite.com/surgeweb/help/updates.htm And I'll go and patch the production release builds for the same platforms too so they should be up in an hour so too. Once up you would have to get these direct from here until we update the normal downloads page page (which I expect will be monday) ftp://ftp.netwinsite.com/pub/surgemail To save me four hours of driving, I can't build the other platforms until after the weekend - most of which I understand are not affected anyway. Marijn On Saturday 07/06/2014 at 2:24 am, surgemailHIDDEN@etwinsite.com wrote: SurgeMail Version 6.6d-3, Built Apr 10 2014 12:11:50, Platform Linux_64 displays as vulnerable to the SSL/TLS MITM vulnerability (CVE-2014-0224) using Red Hat's CSS Injection Detector (https://access.redhat.com/labs/ccsinjectiontest/).. On 05. 06. 14 23:54, surgemail-support wrote: No we just looked through that list and it appears none of those issues are relevant for surgemail's use of SSL. We will release a new beta late next week with new SSL libraries anyway just incase but there doesn't seem to be any urgent need for it based on SSL. ChrisP. -- Christopher Greiner Université de Lausanne Centre informatique Amphimax CH-1015 Lausanne E-mail: Christopher.Greiner [at] unil.ch Tel: +41 21 692 21 93 URL: http://www.unil.ch/ci/

Last Message | Next Message


Search website: