[Secure-testing-commits] r13370 - data
Stefan Fritsch
sf at alioth.debian.org
Tue Nov 24 22:14:59 UTC 2009
Author: sf
Date: 2009-11-24 22:14:59 +0000 (Tue, 24 Nov 2009)
New Revision: 13370
Modified:
data/CVE-2009-3555
Log:
more TLS updates
Modified: data/CVE-2009-3555
===================================================================
--- data/CVE-2009-3555 2009-11-24 21:14:14 UTC (rev 13369)
+++ data/CVE-2009-3555 2009-11-24 22:14:59 UTC (rev 13370)
@@ -20,9 +20,13 @@
- openjdk-6
- sun-java5
- sun-java6
-- libapache-mod-ssl (oldstable only)
Applications, which have been modified:
- proftpd-dfsg -> Disabled SSL/TLS renegotiations in 1.3.2b-2 in unstable
- apache2 -> Disabled client-initiated SSL/TLS renegs in 2.2.14-2, only partial fix, also issued as DSA 1934 for stable
-- tomcat-native -> 1.1.18-1
\ No newline at end of file
+- tomcat-native -> 1.1.18-1
+
+Candidates for modification:
+- nginx: disables renegotiation in 0.7.64, bug #557873,
+ patch at http://sysoev.ru/nginx/patch.cve-2009-3555.txt
+- libapache-mod-ssl (oldstable only) bug #556942, no patch yet
More information about the Secure-testing-commits
mailing list