author Raphaël Hertzog <hertzog@debian.org> 2015-07-20 13:48:31 +0000
committer Raphaël Hertzog <hertzog@debian.org> 2015-07-20 13:48:31 +0000
commit 7afe2262e8139f9531d15614d90bad7458570729
tree 42e50a69ca0a3c02acbd1b1b728aa89e4882f566
parent c6e4f6a615b3b01b526202c827c4e8b23cb26c3c
Mark CVE-2015-4000 as fixed by DLA-247-1
But add a note in packages/openssl.txt so that we don't forget to increase the minimum DH key length to 1024 bits.

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@35591 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/DLA/list 2
-rw-r--r-- data/dla-needed.txt 7
-rw-r--r-- packages/openssl.txt 7
3 files changed, 8 insertions, 8 deletions
diff --git a/data/DLA/list b/data/DLA/list
index ca1e1a049d..4a59c969d7 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -94,7 +94,7 @@
{CVE-2015-3456}
[squeeze] - qemu 0.12.5+dfsg-3squeeze5
[17 Jun 2015] DLA-247-1 openssl - security update
- {CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792}
+ {CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-4000}
[squeeze] - openssl 0.9.8o-4squeeze21
[17 Jun 2015] DLA-246-2 linux-2.6 - security update
[squeeze] - linux-2.6 2.6.32-48squeeze13
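Review bot: The added CVE list line puts CVE-2015-4000 under DLA-247-1 with no qualifier, while the same commit records in packages/openssl.txt that the CVE "is not completely fixed". Someone reading data/DLA/list alone will take openssl 0.9.8o-4squeeze21 as a complete fix. If the list format allows it, add a NOTE line under this entry saying that the minimum DH key length still has to be raised to 1024 bits and pointing at packages/openssl.txt.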
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 34651a038a..3fdb46d1ce 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -48,13 +48,6 @@ openssh (Mike Gabriel)
v5.5. For discussion if openSSH in squeeze is affected and to what extent,
see: https://lists.debian.org/debian-lts/2015/07/msg00045.html
--
-openssl
- NOTE: CVE-2015-4000 is not completely fixed. We need to raise the
- minimum DH key length to 1024, but shouldn't do this while many
- servers still use 768 bits. To set up a server to test against,
- edit ssl_dh_GetTmpParam() in apache2's modules/ssl/ssl_engine_dh.c
- to always return a short key.
---
php5 (Thorsten Alteholz)
NOTE: upload in June/July
--
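Review bot: Deleting the whole openssl entry leaves dla-needed.txt with no trace of the outstanding DH minimum-length change, so the follow-up now depends on someone opening packages/openssl.txt unprompted. Consider keeping a one-line pointer here to that file, or confirming that packages/*.txt is reviewed as part of the regular workflow before this entry goes away.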
diff --git a/packages/openssl.txt b/packages/openssl.txt
new file mode 100644
index 0000000000..c0f4a82e9e
--- /dev/null
+++ b/packages/openssl.txt
@@ -0,0 +1,7 @@
+NOTE: CVE-2015-4000 is not completely fixed. We need to raise the
+minimum DH key length to 1024, but shouldn't do this while many
+servers still use 768 bits. To set up a server to test against,
+edit ssl_dh_GetTmpParam() in apache2's modules/ssl/ssl_engine_dh.c
+to always return a short key.
+
+Drop this file once this has been done in all supported releases.
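Review bot: The condition in the first paragraph, "shouldn't do this while many servers still use 768 bits", has no criterion or revisit point, so nobody can tell from this file when the change becomes acceptable. State what would trigger raising the minimum, name the releases meant by "all supported releases" in the last line, and give the key size the test server should return instead of "a short key" so the test setup is reproducible.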
