desktop-packages team mailing list archive

[Ubuntu Foundations Team Bug Bot <1505328@xxxxxxxxxxxxxxxxxx>]

The attachment "now  current debdiff (fixes accidentally included file)"
seems to be a debdiff.  The ubuntu-sponsors team has been subscribed to
the bug report so that they can review and hopefully sponsor the
debdiff.  If the attachment isn't a patch, please remove the "patch"
flag from the attachment, remove the "patch" tag, and if you are member
of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1505328

Title:
  Cups SSL is vulernable to POODLE

Status in cups package in Ubuntu:
  New

Bug description:
  On 12.04 and 14.04 if you enable cups ssl you are vulnerable to
  poodle, and there does not appear to be any way to mitigate it in Cups
  config.

  Ubuntu 14.04 - https://www.ssllabs.com/ssltest/analyze.html?d=190.35.213.162.lcy-02.canonistack.canonical.com&hideResults=on
  Ubuntu 12.04 - https://www.ssllabs.com/ssltest/analyze.html?d=191.35.213.162.lcy-02.canonistack.canonical.com&hideResults=on

  Fixed in wily - https://www.ssllabs.com/ssltest/analyze.html?d=192.35.213.162.lcy-02.canonistack.canonical.com&hideResults=on
  Upstream fix - https://www.cups.org/str.php?L4476

  Should we disable ssvl3 in the 12.04/14.04 cups by default and
  backport the option to turn it back on?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1505328/+subscriptions