diff options
author | Raphaël Hertzog <hertzog@debian.org> | 2015-07-20 13:48:31 +0000 |
---|---|---|
committer | Raphaël Hertzog <hertzog@debian.org> | 2015-07-20 13:48:31 +0000 |
commit | b33ff3d106ce28b15a147aabcf9fa86b2e125b55 (patch) | |
tree | ae86f9b01a104fd84013d17b23d39485a27732dc /packages | |
parent | c819555a94629a1622078741fb2930d7dafee625 (diff) |
Mark CVE-2015-4000 as fixed by DLA-247-1
But add a note in packages/openssl.txt so that we don't forget to increase
the minimum DH key length to 1024 bits.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@35591 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'packages')
-rw-r--r-- | packages/openssl.txt | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/packages/openssl.txt b/packages/openssl.txt new file mode 100644 index 0000000000..c0f4a82e9e --- /dev/null +++ b/packages/openssl.txt @@ -0,0 +1,7 @@ +NOTE: CVE-2015-4000 is not completely fixed. We need to raise the +minimum DH key length to 1024, but shouldn't do this while many +servers still use 768 bits. To set up a server to test against, +edit ssl_dh_GetTmpParam() in apache2's modules/ssl/ssl_engine_dh.c +to always return a short key. + +Drop this file once this has been done in all supported releases. |