[Pkg-mono-svn-commits] [mono] branch master-2.6.7-tlsfix created (now eba2e52)
Jo Shields
directhex at moszumanska.debian.org
Thu Mar 19 12:41:31 UTC 2015
This is an automated email from the git hooks/post-receive script.
directhex pushed a change to branch master-2.6.7-tlsfix
in repository mono.
at eba2e52 Finalize changelog
This branch includes the following new commits:
new 74ceb8e Mono's implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various attacks on the protocol to succeed. ("SKIP-TLS" attack). (Closes: #780751, CVE-2015-2318)
new 1aae9b7 Remove the client-side SSLv2 fallback. There's almost no SSLv3 web site left so a v2 fallback is only extra code we do not need to carry forward. (Closes: #780751, CVE-2015-2320)
new 1d1cf6a Remove the EXPORT ciphers and related code path. That was still useful in 2003/2004 but the technical and legal landscape changed a lot since then. Removing the old, limited key size, cipher suites also allow removed additional parts of the code that deals with them. ("FREAK" attack) (Closes: #780751, CVE-2015-2319)
new eba2e52 Finalize changelog
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mono/packages/mono.git
More information about the Pkg-mono-svn-commits
mailing list