[Pkg-mono-svn-commits] [mono] 04/04: Finalize changelog

[Jo Shields]

This is an automated email from the git hooks/post-receive script.

directhex pushed a commit to branch master-2.6.7-tlsfix
in repository mono.

commit eba2e52a388752b1f56c0eda0773ff518512c7a1
Author: Jo Shields <jo.shields at xamarin.com>
Date:   Thu Mar 19 09:42:03 2015 +0000

    Finalize changelog
---
 debian/changelog | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 47e97cf..62e3cf3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+mono (2.6.7-5.1+deb6u1) squeeze-lts; urgency=high
+
+  * [74ceb8e] Mono's implementation of the SSL/TLS stack failed to check 
+    the order of the handshake messages. Which would allow various attacks 
+    on the protocol to succeed. ("SKIP-TLS" attack). 
+    (Closes: #780751, CVE-2015-2318)
+  * [1aae9b7] Remove the client-side SSLv2 fallback. There's almost no SSLv3 
+    web site left so a v2 fallback is only extra code we do not need to 
+    carry forward. (Closes: #780751, CVE-2015-2320)
+  * [1d1cf6a] Remove the EXPORT ciphers and related code path. That was 
+    still useful in 2003/2004 but the technical and legal landscape changed 
+    a lot since then. Removing the old, limited key size, cipher suites 
+    also allow removed additional parts of the code that deals with them. 
+    ("FREAK" attack) (Closes: #780751, CVE-2015-2319)
+
+ -- Jo Shields <jo.shields at xamarin.com>  Thu, 19 Mar 2015 09:40:40 +0000
+
 mono (2.6.7-5.1) stable-security; urgency=high
 
   [ Gonzalo Paniagua Javier ]

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mono/packages/mono.git