Author: corsac
Date: 2014-10-15 05:59:48 +0000 (Wed, 15 Oct 2014)
New Revision: 29406
Modified:
data/CVE/list
Log:
add CVE-2014-3566 / POODLE attack
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-14 21:27:38 UTC (rev 29405)
+++ data/CVE/list 2014-10-15 05:59:48 UTC (rev 29406)
@@ -10311,8 +10311,16 @@
RESERVED
CVE-2014-3567
RESERVED
-CVE-2014-3566
+CVE-2014-3566 [POODLE attack against SSLv3]
RESERVED
+ - openssl <unfixed>
+ - nss <unfixed>
+ - gnutls <unfixed>
+ [wheezy] - iceweasel <unfixed>
+ [wheezy] - icedove <unfixed>
+ NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf
+ NOTE:
http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
+ NOTE: workaround is to disable SSLv3 in application configurations when
possible
CVE-2014-3565 (snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ
option is ...)
- net-snmp 5.7.2.1~dfsg-7 (bug #760132)
[wheezy] - net-snmp <no-dsa> (Minor issue)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
