Candidate: CVE-2015-3644
PublicDate: 2015-05-14 00:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3644
 https://www.stunnel.org/CVE-2015-3644.html
Description:
 Stunnel 5.00 through 5.13, when using the redirect option, does not
 redirect client connections to the expected server after the initial
 connection, which allows remote attackers to bypass authentication.
Ubuntu-Description:
Notes:
 sbeattie> possibly does not affect 4.x based on stunnel advisory
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785352
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_stunnel4:
upstream_stunnel4: released (5.14)
precise_stunnel4: ignored (reached end-of-life)
precise/esm_stunnel4: DNE (precise was needed)
trusty_stunnel4: not-affected (code not present)
trusty/esm_stunnel4: not-affected (code not present)
utopic_stunnel4: ignored (reached end-of-life)
vivid_stunnel4: released (3:5.06-2+deb8u1build0.15.04.1)
vivid/stable-phone-overlay_stunnel4: DNE
vivid/ubuntu-core_stunnel4: DNE
wily_stunnel4: not-affected (3:5.18-1)
xenial_stunnel4: not-affected (3:5.18-1)
yakkety_stunnel4: not-affected (3:5.18-1)
zesty_stunnel4: not-affected (3:5.18-1)
artful_stunnel4: not-affected (3:5.18-1)
bionic_stunnel4: not-affected (3:5.18-1)
cosmic_stunnel4: not-affected (3:5.18-1)
devel_stunnel4: not-affected (3:5.18-1)