[Pkg-fedora-ds-maintainers] Bug#795657: libapache2-mod-nss: CVE-2015-3277: incorrect multi-keyword mode cipherstring parsing
Moritz Mühlenhoff
jmm at inutil.org
Sun Jun 4 06:26:19 UTC 2017
On Sun, Aug 16, 2015 at 08:05:18AM +0200, Salvatore Bonaccorso wrote:
> Source: libapache2-mod-nss
> Version: 1.0.11-1
> Severity: important
> Tags: security upstream
>
> Hi,
>
> the following vulnerability was published for libapache2-mod-nss,
> introduced with the update to 1.0.11.
>
> CVE-2015-3277[0]:
> incorrect multi-keyword mode cipherstring parsing
>
> The vulnerable code was added in 1.0.11[1] afaict.
What's the status, this bug is 2.5 years old. Is this fixed in 1.0.14?
Cheers,
Moritz
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-3277
> [1] https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1238324
>
> Could you please double-check this?
>
> Regards,
> Salvatore
>
More information about the Pkg-fedora-ds-maintainers
mailing list