[Secure-testing-commits] r29511 - data/CVE
Kurt Roeckx
kroeckx at moszumanska.debian.org
Sat Oct 18 17:30:17 UTC 2014
Author: kroeckx
Date: 2014-10-18 17:30:14 +0000 (Sat, 18 Oct 2014)
New Revision: 29511
Modified:
data/CVE/list
Log:
Clarify what CVE-2014-3566 is about.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-18 17:24:26 UTC (rev 29510)
+++ data/CVE/list 2014-10-18 17:30:14 UTC (rev 29511)
@@ -10920,7 +10920,8 @@
[squeeze] - icedove <end-of-life>
NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf
NOTE: http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
- NOTE: workaround is to disable SSLv3 in application configurations when possible
+ NOTE: This is only about the SSLv3 CBC padding, not about any downgrade attack.
+ NOTE: Fix is to disable SSLv3 in library or application configurations
CVE-2014-3565 (snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is ...)
- net-snmp 5.7.2.1~dfsg-7 (bug #760132)
[wheezy] - net-snmp <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list