Bug#769781: polarssl: disable SSLv3 also in jessie
Hi Roland, On Mon, November 17, 2014 10:02, Roland Stigge wrote: > On 11/16/2014 01:17 PM, Thijs Kinkhorst wrote: >> Sorry, I have to change my request because I've now seen that the new >> upstream release of polarssl also fixes some other security issues. >> >> Will you be contacting the release team for an unblock request? > > Yes, I also got the note from Moritz that polarssl 1.3.9 fixes 2 forther > CVEs. Therefore, I'm requesting an unblock request for polarssl 1.3.9-2 > to jessie (formally attaching the diff and diffstat). Thanks, but the release team has made it explicit that you need to file a bug against release.debian.org with the unblock request (e.g. by using reportug release.debian.org and choosing 'unblock'). Cheers, Thijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#769781: polarssl: disable SSLv3 also in jessie
Hi Roland, Sorry, I have to change my request because I've now seen that the new upstream release of polarssl also fixes some other security issues. Will you be contacting the release team for an unblock request? Cheers, Thijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#769781: polarssl: disable SSLv3 also in jessie
Package: polarssl Version: 1.3.8-1 Severity: important Tags: security Hi Roland, I see that SSLv3 has been disabled in polarssl/1.3.9-2 in sid, excellent. However, it's really desirable to have this fix also in jessie. Given that unstable has a new upstream release with many changes, I think it's unlikely that the release team will unblock 1.3.9-2. Can you maybe prepare an update 1.3.8-1+deb8u1 for testing-proposed-updates that disables SSLv3 only? Cheers, Thijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org