blob: d70c6ccbe2469555476b8e7c1707df74e7fabdaf (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
A generic position statement will be send by Florian.
SSL implementations in the archive:
- openssl -> Disabled SSL/TLS renegotiations in 0.9.8k-6 in unstable (bug #555829)
- openssl097 (oldstable only)
- gnutls26
- gnutls13 (oldstable only)
- nss
- xyssl
- polarssl
- matrixssl -> Disabled SSL/TLS renegs in 1.8.8-1 in unstable
- pike7.6
- classpath
- gcj-4.1
- gcj-4.2
- gcj-4.3
- gcj-4.4
- zorp
- openjdk-6
- sun-java5
- sun-java6
Applications, which have been modified:
- proftpd-dfsg -> Disabled SSL/TLS renegotiations in 1.3.2b-2 in unstable
- apache2 -> Disabled client-initiated SSL/TLS renegs in 2.2.14-2, only partial fix, also issued as DSA 1934 for stable
- tomcat-native -> 1.1.18-1
- nginx: disabled renegotiation in 0.7.64-1
patch at http://sysoev.ru/nginx/patch.cve-2009-3555.txt
Candidates for modification:
- libapache-mod-ssl (oldstable only) bug #556942, no patch yet
|
