[Secure-testing-commits] r35382 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jul 9 04:31:15 UTC 2015
Author: carnil
Date: 2015-07-09 04:31:15 +0000 (Thu, 09 Jul 2015)
New Revision: 35382
Modified:
data/CVE/list
Log:
Add lighttpd for CVE-2014-3566
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-09 04:28:12 UTC (rev 35381)
+++ data/CVE/list 2015-07-09 04:31:15 UTC (rev 35382)
@@ -30825,6 +30825,7 @@
- erlang 1:17.3-dfsg-3 (bug #771359)
[squeeze] - erlang <no-dsa> (Minor issue)
[wheezy] - erlang <no-dsa> (Minor issue)
+ - lighttpd 1.4.35-4 (bug #765702)
NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf
NOTE: http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
NOTE: This is only about the SSLv3 CBC padding, not about any downgrade attack or support for the fallback SCSV
More information about the Secure-testing-commits
mailing list