[Secure-testing-commits] r35591 - data data/DLA packages

Raphaël Hertzog hertzog at moszumanska.debian.org
Mon Jul 20 13:48:31 UTC 2015


Author: hertzog
Date: 2015-07-20 13:48:31 +0000 (Mon, 20 Jul 2015)
New Revision: 35591

Added:
   packages/openssl.txt
Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Mark CVE-2015-4000 as fixed by DLA-247-1

But add a note in packages/openssl.txt so that we don't forget to increase
the minimum DH key length to 1024 bits.

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2015-07-20 13:48:28 UTC (rev 35590)
+++ data/DLA/list	2015-07-20 13:48:31 UTC (rev 35591)
@@ -94,7 +94,7 @@
 	{CVE-2015-3456}
 	[squeeze] - qemu 0.12.5+dfsg-3squeeze5
 [17 Jun 2015] DLA-247-1 openssl - security update
-	{CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792}
+	{CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-4000}
 	[squeeze] - openssl 0.9.8o-4squeeze21
 [17 Jun 2015] DLA-246-2 linux-2.6 - security update
 	[squeeze] - linux-2.6 2.6.32-48squeeze13
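Review bot: adding CVE-2015-4000 to the DLA-247-1 CVE list records it as fixed in openssl 0.9.8o-4squeeze21 with no qualification, while the note added in this same commit says "CVE-2015-4000 is not completely fixed". Consider a NOTE line under the DLA-247-1 entry pointing to packages/openssl.txt, so that anyone reading data/DLA/list sees that the minimum DH key length has not yet been raised to 1024 bits.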

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2015-07-20 13:48:28 UTC (rev 35590)
+++ data/dla-needed.txt	2015-07-20 13:48:31 UTC (rev 35591)
@@ -48,13 +48,6 @@
   v5.5. For discussion if openSSH in squeeze is affected and to what extent,
   see: https://lists.debian.org/debian-lts/2015/07/msg00045.html
 --
-openssl
-  NOTE: CVE-2015-4000 is not completely fixed.  We need to raise the
-  minimum DH key length to 1024, but shouldn't do this while many
-  servers still use 768 bits.  To set up a server to test against,
-  edit ssl_dh_GetTmpParam() in apache2's modules/ssl/ssl_engine_dh.c
-  to always return a short key.
---
 php5 (Thorsten Alteholz)
   NOTE: upload in June/July
 --
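Review bot: removing the whole openssl entry leaves data/dla-needed.txt with no trace of the outstanding work on the minimum DH key length. Since the follow-up now lives only in packages/openssl.txt, it may be worth checking that people who work from dla-needed.txt also look at packages/, or keeping a one-line pointer here instead of deleting the entry outright.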

Added: packages/openssl.txt
===================================================================
--- packages/openssl.txt	                        (rev 0)
+++ packages/openssl.txt	2015-07-20 13:48:31 UTC (rev 35591)
@@ -0,0 +1,7 @@
+NOTE: CVE-2015-4000 is not completely fixed.  We need to raise the
+minimum DH key length to 1024, but shouldn't do this while many
+servers still use 768 bits.  To set up a server to test against,
+edit ssl_dh_GetTmpParam() in apache2's modules/ssl/ssl_engine_dh.c
+to always return a short key.
+
+Drop this file once this has been done in all supported releases.
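Review bot: the note in the new packages/openssl.txt does not say when the change becomes acceptable: "shouldn't do this while many servers still use 768 bits" gives no condition that someone can re-check later. The closing line "Drop this file once this has been done" also leaves "this" implicit; something like "once the minimum DH key length has been raised to 1024 bits in all supported releases" would be unambiguous. The test hint could state the key size the modified ssl_dh_GetTmpParam() should return instead of "a short key".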



