[Secure-testing-commits] r29510 - data/DSA

Kurt Roeckx kroeckx at moszumanska.debian.org
Sat Oct 18 17:24:26 UTC 2014


Author: kroeckx
Date: 2014-10-18 17:24:26 +0000 (Sat, 18 Oct 2014)
New Revision: 29510

Modified:
   data/DSA/list
Log:
CVE-2014-3566 is not fixed in openssl 1.0.1e-2+deb7u13

CVE-2014-3566 is the SSL 3.0 protocol issue.  It only contains something for the
fallback attack which is a separate issue that does not have a CVE.  The only
way to fix it is to disable SSL 3.0.


Modified: data/DSA/list
===================================================================
--- data/DSA/list	2014-10-18 13:52:45 UTC (rev 29509)
+++ data/DSA/list	2014-10-18 17:24:26 UTC (rev 29510)
@@ -1,5 +1,5 @@
 [16 Oct 2014] DSA-3053-1 openssl - security update
-	{CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568}
+	{CVE-2014-3513 CVE-2014-3567 CVE-2014-3568}
 	[wheezy] - openssl 1.0.1e-2+deb7u13
 [15 Oct 2014] DSA-3052-1 wpa - security update
 	{CVE-2014-3686}




More information about the Secure-testing-commits mailing list