author: Raphaël Hertzog <hertzog@debian.org> 2015-07-20 13:48:31 +0000
committer: Raphaël Hertzog <hertzog@debian.org> 2015-07-20 13:48:31 +0000
commit: 7afe2262e8139f9531d15614d90bad7458570729 (patch)
tree: 42e50a69ca0a3c02acbd1b1b728aa89e4882f566 /packages
parent: c6e4f6a615b3b01b526202c827c4e8b23cb26c3c (diff)
Mark CVE-2015-4000 as fixed by DLA-247-1

But add a note in packages/openssl.txt so that we don't forget to increase the minimum DH key length to 1024 bits.

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@35591 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'packages')
-rw-r--r-- packages/openssl.txt 7
1 files changed, 7 insertions, 0 deletions
diff --git a/packages/openssl.txt b/packages/openssl.txt
new file mode 100644
index 0000000000..c0f4a82e9e
--- /dev/null
+++ b/packages/openssl.txt
@@ -0,0 +1,7 @@
+NOTE: CVE-2015-4000 is not completely fixed. We need to raise the
+minimum DH key length to 1024, but shouldn't do this while many
+servers still use 768 bits. To set up a server to test against,
+edit ssl_dh_GetTmpParam() in apache2's modules/ssl/ssl_engine_dh.c
+to always return a short key.
+
+Drop this file once this has been done in all supported releases.
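Review bot: The note does not record what was actually shipped or what "this" in the last line refers to, so it cannot be closed out against concrete versions later. Suggest stating in the first paragraph that the current 768-bit floor is the one delivered by DLA-247-1 (per the commit message) and that the pending change is raising that floor to 1024 bits, e.g. "DLA-247-1 raised the minimum to 768 bits; the remaining work is to raise it to 1024 bits in all supported releases." The reproduction hint in lines 3-5 would also be more useful with the unit spelled out ("a short key" -> "a DH parameter shorter than 1024 bits") so a tester knows which threshold the check under test is expected to reject.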