[Pkg-mono-svn-commits] [mono] 04/04: finalize changelog
Jo Shields
directhex at moszumanska.debian.org
Thu Mar 19 14:48:59 UTC 2015
This is an automated email from the git hooks/post-receive script.
directhex pushed a commit to branch master-2.10.8.1-tlsfix
in repository mono.
commit bd14d30250f601da904cb8c5d728fb59b766ff71
Author: Jo Shields <jo.shields at xamarin.com>
Date: Thu Mar 19 11:33:44 2015 +0000
finalize changelog
---
debian/changelog | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 5f2bb0f..94be436 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+mono (2.10.8.1-8+deb7u1) wheezy-security; urgency=high
+
+ * [c2afe08] Mono's implementation of the SSL/TLS stack failed to check
+ the order of the handshake messages. Which would allow various attacks
+ on the protocol to succeed. ("SKIP-TLS" attack).
+ (Closes: #780751, CVE-2015-2318)
+ * [997bd08] Remove the client-side SSLv2 fallback. There's almost no
+ SSLv3 web site left so a v2 fallback is only extra code we do not
+ need to carry forward. (Closes: #780751, CVE-2015-2320)
+ * [b570325] Remove the EXPORT ciphers and related code path. That was
+ still useful in 2003/2004 but the technical and legal landscape changed
+ a lot since then. Removing the old, limited key size, cipher suites
+ also allow removed additional parts of the code that deals with them.
+ ("FREAK" attack) (Closes: #780751, CVE-2015-2319)
+
+ -- Jo Shields <jo.shields at xamarin.com> Thu, 19 Mar 2015 11:32:12 +0000
+
mono (2.10.8.1-8) unstable; urgency=high
* [b9108c7] Dirty patch to introduce a new System.Windows.Forms.WebBrowser
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mono/packages/mono.git
More information about the Pkg-mono-svn-commits
mailing list