Author: benh Date: 2015-06-28 22:00:34 +0000 (Sun, 28 Jun 2015) New Revision: 35203
Modified: data/dla-needed.txt Log: Un-claim openssl; explain why CVE-2015-4000 is not and won't be fixed yet Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2015-06-28 21:03:59 UTC (rev 35202) +++ data/dla-needed.txt 2015-06-28 22:00:34 UTC (rev 35203) @@ -42,8 +42,12 @@ -- netty -- -openssl (Ben Hutchings) - in contrast to the DLA email, CVE-2015-4000 is not yet fixed +openssl + NOTE: CVE-2015-4000 is not completely fixed. We need to raise the + minimum DH key length to 1024, but shouldn't do this while many + servers still use 768 bits. To set up a server to test against, + edit ssl_dh_GetTmpParam() in apache2's modules/ssl/ssl_engine_dh.c + to always return a short key. -- php5 (Thorsten Alteholz) NOTE: upload in June/July _______________________________________________ Secure-testing-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
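Review bot: the rewritten NOTE drops the one fact the removed line recorded, namely that the DLA email announced CVE-2015-4000 as fixed while it is not; keep that discrepancy in the entry (e.g. "the DLA email says fixed; it is not completely fixed") so whoever picks the package up after it is un-claimed knows a correction or follow-up DLA is still owed. "Not completely fixed" on its own also leaves the next maintainer guessing what remains: say explicitly that the outstanding work is raising the minimum DH key length to 1024 bits and that the hold is deliberate because many servers still use 768 bits, otherwise an unclaimed entry with a vague note reads as forgotten rather than deferred. The testing recipe (editing ssl_dh_GetTmpParam() in apache2's modules/ssl/ssl_engine_dh.c to always return a short key) would be more useful if it stated the length to use, e.g. 768 bits, so the test exercises the 1024-bit minimum the note intends to introduce rather than whatever check is already in place.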

