CVE-2019-0231

NameCVE-2019-0231
DescriptionHandling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mina (PTS)bookworm, bullseye1.1.7.dfsg-13vulnerable
sid, trixie1.1.7.dfsg-14vulnerable
mina2 (PTS)bullseye2.1.4-2fixed
bookworm, sid, trixie2.2.1-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
minasource(unstable)(unfixed)
mina2source(unstable)2.1.4-1

Notes

[bookworm] - mina <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems