Hi Moritz!
I'm not an expert in SSL, so I can't really say if it's a real threat.
But i think I'd better prepare a patched package for jessie.
Should I do it for wheezy also? (Note, that we decided not to bother
disabling SSLv3 for the erlang-ssl currently in wheezy.)
On Fri, Apr 3, 2015 at 8:07
Source: erlang
Severity: grave
Tags: security
(Feel free to downgrade the severity, I don't have a full picture of
Erlang's SSL implementation)
This has been assigned CVE-2015-2774:
http://openwall.com/lists/oss-security/2015/03/27/9
Fix is here:
https://github.com/erlang/otp/commit/e53c55dd0ab6
2 matches
Mail list logo
