[Pkg-fedora-ds-maintainers] Bug#795657: libapache2-mod-nss: CVE-2015-3277: incorrect multi-keyword mode cipherstring parsing

Salvatore Bonaccorso carnil at debian.org
Sun Jun 4 07:02:15 UTC 2017


Hi,

On Sun, Jun 04, 2017 at 08:26:19AM +0200, Moritz Mühlenhoff wrote:
> On Sun, Aug 16, 2015 at 08:05:18AM +0200, Salvatore Bonaccorso wrote:
> > Source: libapache2-mod-nss
> > Version: 1.0.11-1
> > Severity: important
> > Tags: security upstream
> > 
> > Hi,
> > 
> > the following vulnerability was published for libapache2-mod-nss,
> > introduced with the update to 1.0.11.
> > 
> > CVE-2015-3277[0]:
> > incorrect multi-keyword mode cipherstring parsing
> > 
> > The vulnerable code was added in 1.0.11[1] afaict.
> 
> What's the status? This bug is 2.5 years old. Is this fixed in 1.0.14?

AFAICT, in ChangeLog up to 1.0.14 this seems still unresolved. The Red
Hat bug seems to indicate that as well (note I adjusted the introducing
commit reference in the security-tracker since the upstream git repo
moved to pagure.io apparently).

Salvatore


