[Secure-testing-commits] r29580 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Oct 22 17:37:00 UTC 2014
Author: jmm
Date: 2014-10-22 17:37:00 +0000 (Wed, 22 Oct 2014)
New Revision: 29580
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
no updates needed for poodle; if any other TLS implementation besides openssl
wants to add support for SCSV, that's not in the scope of a security update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-22 16:01:19 UTC (rev 29579)
+++ data/CVE/list 2014-10-22 17:37:00 UTC (rev 29580)
@@ -11022,14 +11022,7 @@
{DSA-3053-1}
- openssl 1.0.1j-1
CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...)
- - openssl 1.0.1j-1
- - nss <unfixed>
- - gnutls26 <unfixed>
- - gnutls28 <unfixed>
- [wheezy] - iceweasel <unfixed>
- [squeeze] - iceweasel <end-of-life>
- [wheezy] - icedove <unfixed>
- [squeeze] - icedove <end-of-life>
+ NOTE: openssl 1.0.1j-1 added SCSV
NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf
NOTE: http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
NOTE: This is only about the SSLv3 CBC padding, not about any downgrade attack.
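Review bot: The added `NOTE: openssl 1.0.1j-1 added SCSV` sits just above the existing `NOTE: This is only about the SSLv3 CBC padding, not about any downgrade attack.`, and SCSV is a downgrade-protection signal, so the two notes read as contradicting each other. Consider rewording the new note to say that SCSV is a mitigation that leaves SSLv3 CBC padding handling unchanged. It would also help to add a NOTE recording why the removed `- nss <unfixed>`, `- gnutls26 <unfixed>` and `- gnutls28 <unfixed>` lines are no longer tracked, since that rationale currently exists only in the commit log.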
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2014-10-22 16:01:19 UTC (rev 29579)
+++ data/dsa-needed.txt 2014-10-22 17:37:00 UTC (rev 29580)
@@ -18,7 +18,6 @@
--
icedove (jmm)
--
---
libgcrypt11 (carnil)
--
liblivemedia (geissert)
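Review bot: The single removed line here is a `--` separator that followed another `--` after `icedove (jmm)`, and the same removal recurs in the next hunk after the openjdk-7 entry, yet the log message only talks about poodle. Mention the separator cleanup in the log, or commit it separately, so the history of data/dsa-needed.txt explains why these lines went away.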
@@ -39,7 +38,6 @@
openjdk-7
The update breaks JamVM, update should be held back until this is fixed upstream, see http://blog.fuseyism.com/index.php/2014/10/15/security-icedtea-1-13-5-for-openjdk-6-released/
--
---
openswan (corsac)
NOTE: regression fix needed for CVE-2013-2053 (#743332) and CVE-2013-6466
(#744717)