author | Raphaël Hertzog <hertzog@debian.org> | 2015-07-20 13:48:31 +0000 |
---|---|---|
committer | Raphaël Hertzog <hertzog@debian.org> | 2015-07-20 13:48:31 +0000 |
commit | de3aaf3ef4d219ef5b996601d88db1a832fb6590 (patch) | |
tree | 8e86fe537950e59f7adb327d55a3784615115a70 /packages | |
parent | 86c5f0e4c61dd57f06d0ffbe506a39c72eae94c4 (diff) |
Mark CVE-2015-4000 as fixed by DLA-247-1
But add a note in packages/openssl.txt so that we don't forget to increase
the minimum DH key length to 1024 bits.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@35591 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'packages')
-rw-r--r-- | packages/openssl.txt | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/packages/openssl.txt b/packages/openssl.txt new file mode 100644 index 0000000000..c0f4a82e9e --- /dev/null +++ b/packages/openssl.txt @@ -0,0 +1,7 @@ +NOTE: CVE-2015-4000 is not completely fixed. We need to raise the +minimum DH key length to 1024, but shouldn't do this while many +servers still use 768 bits. To set up a server to test against, +edit ssl_dh_GetTmpParam() in apache2's modules/ssl/ssl_engine_dh.c +to always return a short key. + +Drop this file once this has been done in all supported releases. |
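Review bot: The NOTE in packages/openssl.txt says the minimum DH key length must be raised to 1024 but "shouldn't do this while many servers still use 768 bits", without recording the minimum currently enforced after DLA-247-1 or any criterion for when the raise becomes acceptable. The closing line "Drop this file once this has been done in all supported releases" therefore has no concrete trigger. Suggest stating the current limit, naming the releases that still need the change, and pointing to a tracking bug. The test-server hint would also be easier to reproduce if it gave the key size that ssl_dh_GetTmpParam() should return (for example the 768 bits mentioned earlier in the note) instead of "a short key".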