[Pkg-fedora-ds-maintainers] Bug#795657: libapache2-mod-nss: CVE-2015-3277: incorrect multi-keyword mode cipherstring parsing
Salvatore Bonaccorso
carnil at debian.org
Sun Aug 16 06:05:18 UTC 2015
Source: libapache2-mod-nss
Version: 1.0.11-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for libapache2-mod-nss,
introduced with the update to 1.0.11.
CVE-2015-3277[0]:
incorrect multi-keyword mode cipherstring parsing
The vulnerable code was added in 1.0.11[1] afaict.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-3277
[1] https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1238324
Could you please double-check this?
Regards,
Salvatore
More information about the Pkg-fedora-ds-maintainers
mailing list