[Pkg-fedora-ds-maintainers] Bug#795657: libapache2-mod-nss: CVE-2015-3277: incorrect multi-keyword mode cipherstring parsing
jmm at inutil.org
Sun Jun 4 06:26:19 UTC 2017
On Sun, Aug 16, 2015 at 08:05:18AM +0200, Salvatore Bonaccorso wrote:
> Source: libapache2-mod-nss
> Version: 1.0.11-1
> Severity: important
> Tags: security upstream
> the following vulnerability was published for libapache2-mod-nss,
> introduced with the update to 1.0.11.
> incorrect multi-keyword mode cipherstring parsing
> The vulnerable code was added in 1.0.11 afaict.
What's the status, this bug is 2.5 years old. Is this fixed in 1.0.14?
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> For further information see:
>  https://security-tracker.debian.org/tracker/CVE-2015-3277
>  https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8
>  https://bugzilla.redhat.com/show_bug.cgi?id=1238324
> Could you please double-check this?
More information about the Pkg-fedora-ds-maintainers