[Secure-testing-commits] r29406 - data/CVE

Yves-Alexis Perez corsac at moszumanska.debian.org
Wed Oct 15 05:59:48 UTC 2014


Author: corsac
Date: 2014-10-15 05:59:48 +0000 (Wed, 15 Oct 2014)
New Revision: 29406

Modified:
   data/CVE/list
Log:
add CVE-2014-3566 / POODLE attack


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-10-14 21:27:38 UTC (rev 29405)
+++ data/CVE/list	2014-10-15 05:59:48 UTC (rev 29406)
@@ -10311,8 +10311,16 @@
 	RESERVED
 CVE-2014-3567
 	RESERVED
-CVE-2014-3566
+CVE-2014-3566 [POODLE attack against SSLv3]
 	RESERVED
+	- openssl <unfixed>
+	- nss <unfixed>
+	- gnutls <unfixed>
+	[wheezy] - iceweasel <unfixed>
+	[wheezy] - icedove <unfixed>
+	NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf
+	NOTE: http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
+	NOTE: workaround is to disable SSLv3 in application configurations when possible
 CVE-2014-3565 (snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is ...)
 	- net-snmp 5.7.2.1~dfsg-7 (bug #760132)
 	[wheezy] - net-snmp <no-dsa> (Minor issue)




More information about the Secure-testing-commits mailing list