Request 258173 - openSUSE Build Service

This request is superseded by request 258898 (Show diff)

Overview

Request 258173 superseded

Serf 1.3.8
This release fixes a problem with handling very large gzip-
encoded HTTP responses and disables SSLv2 and SSLv3.
* CRC calculation error for gzipped http reponses > 4GB.
* SSPI CredHandle not freed when APR pool is destroyed.
* Disable SSLv2 and SSLv3 as both or broken [boo#901968]

Created by AndreasStieger over 9 years ago
In state superseded
Superseded by 258898

Comments for request 258173 0

Login required, please login in order to comment

Request History

AndreasStieger created request over 9 years ago

Serf 1.3.8
This release fixes a problem with handling very large gzip-
encoded HTTP responses and disables SSLv2 and SSLv3.
* CRC calculation error for gzipped http reponses > 4GB.
* SSPI CredHandle not freed when APR pool is destroyed.
* Disable SSLv2 and SSLv3 as both or broken [boo#901968]

mgriessmeier declined request over 9 years ago

Can you please add something like "Disable SSL to fix CVE-2014-3566 (POODLE)" to your .changes so that the CVE is listed in the mentioned issues?

Thanks in advance

AndreasStieger superseded request over 9 years ago

superseded to add to changelog

openSUSE Build Service is sponsored by