Overview
Request 201263 accepted
Contains a security relevant bugfix and should be considered for 13.1
- update to 3.15.2 (bnc#842979)
* Support for AES-GCM ciphersuites that use the SHA-256 PRF
* MD2, MD4, and MD5 signatures are no longer accepted for OCSP
or CRLs
* Add PK11_CipherFinal macro
* sizeof() used incorrectly
* nssutil_ReadSecmodDB() leaks memory
* Allow SSL_HandshakeNegotiatedExtension to be called before
the handshake is finished.
* Deprecate the SSL cipher policy code
* Avoid uninitialized data read in the event of a decryption
failure. (CVE-2013-1739)
- Created by wrosenauer
- In state accepted
- Supersedes 201262
Request History
wrosenauer created request
Contains a security relevant bugfix and should be considered for 13.1
- update to 3.15.2 (bnc#842979)
* Support for AES-GCM ciphersuites that use the SHA-256 PRF
* MD2, MD4, and MD5 signatures are no longer accepted for OCSP
or CRLs
* Add PK11_CipherFinal macro
* sizeof() used incorrectly
* nssutil_ReadSecmodDB() leaks memory
* Allow SSL_HandshakeNegotiatedExtension to be called before
the handshake is finished.
* Deprecate the SSL cipher policy code
* Avoid uninitialized data read in the event of a decryption
failure. (CVE-2013-1739)
factory-auto added a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
factory-auto added a reviewer
Please review build success
licensedigger accepted review
{"approve": "version update 3.15.1 -> 3.15.2 covered by ldb"}
dimstar accepted review
ok
factory-repo-checker approved review
Builds for repo openSUSE_Factory
factory-repo-checker accepted review
Builds for repo openSUSE_Factory
coolo accepted request
checkin and copy for 13.1