Bug#746626: sks: CVE-2014-3207: non-persistent XSS

Jeremy T. Bouse Tue, 06 May 2014 06:40:11 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

        This is quickly going to be a major issue for anyone running a public
SKS server like myself. Due to the vulnerability fixed by 1.1.5 this
is now becoming the minimum version and hosts not running it will
begin to be dropped from the publicly available pools. Effective
immediately it is the minimum for subset.pool.sks-keyservers.net and
there is currently a 45-60 day grace to get hosts in the
hkps.pool.sks-keyservers.net SSL-enabled pool upgraded before it
becomes the minimum version.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Icedove - http://www.enigmail.net/


iQGcBAEBCAAGBQJTaN7+AAoJEGS5Wo1uIL0kFxcMAK65nOiW3Iev6erGCo5Z5WTc
ppjFfo+w8sRUDdxAT+Uk1GQP1Q9YHhwrz8e0N4cMsx6YdXBvJBaq3gxLG+P+Zkls
cF15vyUJuiS8qwwBblFpAwl0xZVMEZ/yQWgCITZaDtyaysJCvlAvXkn35gY9zcix
HVGMhBVSuZ5ecYhKUhjlpXbkkErqzuWBjPP+C0SVp96hDGXd1N6ruLSYYKoi7q4S
BZZKCZzh2Imk/4gcMB2LyR6ZjYYXqyqsY9ewhf0ueXuD+K5V1ozRQ9RvxHTtQtpv
j5SKoIwBSmCyibN3am/yMk/sXocNQEPzhXzUHzqr8vyeOCbOxnoVGFPTQZQx3bZO
xxm8nMuI/JnG2mqLV6pJTmXbuZcQ/O3l79yQ1f24S8GyBTP6Hd6nLAC43Gydgtvf
skK+KAE/WdJqCn1hV8/eSj9vV+Nie5Xb5gXBDPJiiVpf3VCY7rxSKm8gAgaMPnju
Ewx/j+gGfw1+zNWDh4a03TFazUCQAUx3ZOr6ZKXTRQ==
=SmoJ
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#746626: sks: CVE-2014-3207: non-persistent XSS

Reply via email to