[Pkg-mono-svn-commits] [mono] branch master-2.10.8.1-tlsfix created (now bd14d30)
Jo Shields
directhex at moszumanska.debian.org
Thu Mar 19 14:48:59 UTC 2015
This is an automated email from the git hooks/post-receive script.
directhex pushed a change to branch master-2.10.8.1-tlsfix
in repository mono.
at bd14d30 finalize changelog
This branch includes the following new commits:
new c2afe08 Mono's implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various attacks on the protocol to succeed. ("SKIP-TLS" attack). (Closes: #780751, CVE-2015-2318)
new 997bd08 Remove the client-side SSLv2 fallback. There's almost no SSLv3 web site left so a v2 fallback is only extra code we do not need to carry forward. (Closes: #780751, CVE-2015-2320)
new b570325 Remove the EXPORT ciphers and related code path. That was still useful in 2003/2004 but the technical and legal landscape changed a lot since then. Removing the old, limited key size, cipher suites also allow removed additional parts of the code that deals with them. ("FREAK" attack) (Closes: #780751, CVE-2015-2319)
new bd14d30 finalize changelog
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mono/packages/mono.git
More information about the Pkg-mono-svn-commits
mailing list