[ubuntu/trusty-updates] mono 3.2.8+dfsg-4ubuntu1.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Mar 24 13:28:39 UTC 2015
mono (3.2.8+dfsg-4ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: TLS impersonation attack
- debian/patches/CVE-2015-2318.patch: add handshake state validation to
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
- CVE-2015-2318
* SECURITY UPDATE: FREAK attack vulnerability
- debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
- CVE-2015-2319
* SECURITY UPDATE: SSLv2 support
- debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
- CVE-2015-2320
* debian/source/options: Don't use single-debian-patch for Ubuntu.
Date: 2015-03-20 19:50:19.292004+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/mono/3.2.8+dfsg-4ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list