[Pkg-erlang-devel] Bug#781839: CVE-2015-2774

Sergei Golovan sgolovan at nes.ru
Sat Apr 4 04:40:21 UTC 2015


Hi Moritz!

I'm not an expert in SSL, so I can't really say if it's a real threat.
But I think I'd better prepare a patched package for jessie.

Should I do it for wheezy also? (Note that we decided not to bother
disabling SSLv3 for the erlang-ssl currently in wheezy.)

On Fri, Apr 3, 2015 at 8:07 PM, Moritz Muehlenhoff <jmm at debian.org> wrote:
> Source: erlang
> Severity: grave
> Tags: security
>
> (Feel free to downgrade the severity, I don't have a full picture of
> Erlang's SSL implementation)
>
> This has been assigned CVE-2015-2774:
> http://openwall.com/lists/oss-security/2015/03/27/9
>
> Fix is here:
> https://github.com/erlang/otp/commit/e53c55dd0ab69982bc511396ccf8655d27c6d38c
>
> Cheers,
>         Moritz
>



-- 
Sergei Golovan


