[Pkg-mono-svn-commits] [mono] 04/04: Finalize changelog
Jo Shields
directhex at moszumanska.debian.org
Thu Mar 19 12:41:32 UTC 2015
This is an automated email from the git hooks/post-receive script.
directhex pushed a commit to branch master-2.6.7-tlsfix
in repository mono.
commit eba2e52a388752b1f56c0eda0773ff518512c7a1
Author: Jo Shields <jo.shields at xamarin.com>
Date: Thu Mar 19 09:42:03 2015 +0000
Finalize changelog
---
debian/changelog | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 47e97cf..62e3cf3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+mono (2.6.7-5.1+deb6u1) squeeze-lts; urgency=high
+
+ * [74ceb8e] Mono's implementation of the SSL/TLS stack failed to check
+ the order of the handshake messages. Which would allow various attacks
+ on the protocol to succeed. ("SKIP-TLS" attack).
+ (Closes: #780751, CVE-2015-2318)
+ * [1aae9b7] Remove the client-side SSLv2 fallback. There's almost no SSLv3
+ web site left so a v2 fallback is only extra code we do not need to
+ carry forward. (Closes: #780751, CVE-2015-2320)
+ * [1d1cf6a] Remove the EXPORT ciphers and related code path. That was
+ still useful in 2003/2004 but the technical and legal landscape changed
+ a lot since then. Removing the old, limited key size, cipher suites
+ also allow removed additional parts of the code that deals with them.
+ ("FREAK" attack) (Closes: #780751, CVE-2015-2319)
+
+ -- Jo Shields <jo.shields at xamarin.com> Thu, 19 Mar 2015 09:40:40 +0000
+
mono (2.6.7-5.1) stable-security; urgency=high
[ Gonzalo Paniagua Javier ]
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mono/packages/mono.git
More information about the Pkg-mono-svn-commits
mailing list