[Pkg-mono-svn-commits] [mono] annotated tag debian/2.6.7-5.1+deb6u1 created (now e5456ab)
Jo Shields
directhex at moszumanska.debian.org
Thu Mar 19 12:41:47 UTC 2015
This is an automated email from the git hooks/post-receive script.
directhex pushed a change to annotated tag debian/2.6.7-5.1+deb6u1
in repository mono.
at e5456ab (tag)
tagging eba2e52a388752b1f56c0eda0773ff518512c7a1 (commit)
replaces debian/2.6.7-5.1
tagged by Jo Shields
on Thu Mar 19 12:30:53 2015 +0000
- Log -----------------------------------------------------------------
mono Debian release 2.6.7-5.1+deb6u1
Jo Shields (4):
Mono's implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various attacks on the protocol to succeed. ("SKIP-TLS" attack). (Closes: #780751, CVE-2015-2318)
Remove the client-side SSLv2 fallback. There's almost no SSLv3 web site left so a v2 fallback is only extra code we do not need to carry forward. (Closes: #780751, CVE-2015-2320)
Remove the EXPORT ciphers and related code path. That was still useful in 2003/2004 but the technical and legal landscape changed a lot since then. Removing the old, limited key size, cipher suites also allow removed additional parts of the code that deals with them. ("FREAK" attack) (Closes: #780751, CVE-2015-2319)
Finalize changelog
-----------------------------------------------------------------------
No new revisions were added by this update.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mono/packages/mono.git
More information about the Pkg-mono-svn-commits
mailing list