[Secure-testing-commits] r31734 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Tue Jan 27 11:29:05 UTC 2015
Author: hertzog
Date: 2015-01-27 11:29:05 +0000 (Tue, 27 Jan 2015)
New Revision: 31734
Modified:
data/CVE/list
Log:
Mark CVE-2014-3566 as no-dsa for openssl/squeeze
The risk of breaking stuff is too high. The security implications have
been widely communicated and the people who are truely worried about
the implications have probably already taken measures to not use SSLv3.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-27 11:28:58 UTC (rev 31733)
+++ data/CVE/list 2015-01-27 11:29:05 UTC (rev 31734)
@@ -18542,6 +18542,7 @@
- dwb <unfixed> (unimportant)
- openssl 1.0.1j-1
[wheezy] - openssl <no-dsa> (Will be addressed through a point update, #774299)
+ [squeeze] - openssl <no-dsa> (Change considered too risky)
- galeon <unfixed> (unimportant)
- gnutls26 <unfixed>
[squeeze] - gnutls26 <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list