Hi Moritz! I'm not an expert in SSL, so I can't really say if it's a real threat. But I think I'd better prepare a patched package for jessie.
Should I do it for wheezy also? (Note that we decided not to bother disabling SSLv3 for the erlang-ssl currently in wheezy.)

On Fri, Apr 3, 2015 at 8:07 PM, Moritz Muehlenhoff <j...@debian.org> wrote:
> Source: erlang
> Severity: grave
> Tags: security
>
> (Feel free to downgrade the severity, I don't have a full picture of
> Erlang's SSL implementation)
>
> This has been assigned CVE-2015-2774:
> http://openwall.com/lists/oss-security/2015/03/27/9
>
> Fix is here:
> https://github.com/erlang/otp/commit/e53c55dd0ab69982bc511396ccf8655d27c6d38c
>
> Cheers,
> Moritz
>

--
Sergei Golovan