Package: mysql-5.5 Severity: serious Tags: security Hi,
Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing differences arising during MAC processing. Details of this attack can be found at: http://www.isg.rhul.ac.uk/tls/ The issue has been fixed in upstream yaSSL 2.5.0: http://www.yassl.com/yaSSL/Docs-cyassl-changelog.html The generic protocol issue has been assigned CVE name CVE-2013-0169. The yaSSL specific fix is known as CVE-2013-1623. Please mention these identifiers in the changelog. Can you see to it that this issue is addressed in unstable and testing? Cheers, Thijs
signature.asc
Description: This is a digitally signed message part.
