diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2020-07-29 11:21:01 +0200 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-07-29 11:32:06 +0200 |
| commit | d6f84f090613e27a0f63e723788a61f0954ae787 (patch) | |
| tree | 8b4564242ce19bba15633cef95880803d2efa69e /data/CVE/2014.list | |
| parent | f030ab8fa0e834b41ac747ba16ded74283c23582 (diff) | |
Mark CVE-2014-3566/netsurf as fixed with 3.6-1
Upstream commit b2242c57e17f ("HTTPS: disable all SSL versions; emit
fallback SCSV on downgrade.") in 3.3 disables SSLv3. Later on commit
a8bf9b05aa94 ("HTTPS: restrict ciphersuites") in 3.8 restricts further
the cipyersuites.
Diffstat (limited to 'data/CVE/2014.list')
| -rw-r--r-- | data/CVE/2014.list | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/data/CVE/2014.list b/data/CVE/2014.list index e136da3cef..94239f8a31 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -17641,7 +17641,7 @@ CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other [squeeze] - matrixssl <no-dsa> (Minor issue) [wheezy] - matrixssl <no-dsa> (Minor issue) - midori <unfixed> (unimportant) - - netsurf <unfixed> (unimportant) + - netsurf 3.6-1 (unimportant) - nss 2:3.17.1-1 [squeeze] - nss <no-dsa> (Upstream doesn't plan to disable SSLv3, stick with that) [wheezy] - nss <no-dsa> (Upstream doesn't plan to disable SSLv3, stick with that) |