[Secure-testing-commits] r35203 - data
Ben Hutchings
benh at moszumanska.debian.org
Sun Jun 28 22:00:35 UTC 2015
Author: benh
Date: 2015-06-28 22:00:34 +0000 (Sun, 28 Jun 2015)
New Revision: 35203
Modified:
data/dla-needed.txt
Log:
Un-claim openssl; explain why CVE-2015-4000 is not and won't be fixed yet
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2015-06-28 21:03:59 UTC (rev 35202)
+++ data/dla-needed.txt 2015-06-28 22:00:34 UTC (rev 35203)
@@ -42,8 +42,12 @@
--
netty
--
-openssl (Ben Hutchings)
- in contrast to the DLA email, CVE-2015-4000 is not yet fixed
+openssl
+ NOTE: CVE-2015-4000 is not completely fixed. We need to raise the
+ minimum DH key length to 1024, but shouldn't do this while many
+ servers still use 768 bits. To set up a server to test against,
+ edit ssl_dh_GetTmpParam() in apache2's modules/ssl/ssl_engine_dh.c
+ to always return a short key.
--
php5 (Thorsten Alteholz)
NOTE: upload in June/July
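Review bot: the rewritten NOTE drops the reference to the DLA email that the removed line carried, so the file no longer records that the published advisory claims CVE-2015-4000 is fixed while the package is not; consider keeping a line such as `+ the DLA email says CVE-2015-4000 is fixed, but it is not` so whoever picks this up knows the advisory itself needs a correction, not just the package. The test instruction would also be easier to follow if it stated which short key length ssl_dh_GetTmpParam() should return (the 768-bit case the note already mentions is the natural choice), so that a tester exercises exactly the size the planned 1024-bit minimum is meant to reject rather than some arbitrary "short key".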