Author: sf Date: 2009-11-24 22:14:59 +0000 (Tue, 24 Nov 2009) New Revision: 13370 Modified: data/CVE-2009-3555 Log: more TLS updates Modified: data/CVE-2009-3555 ==================================================================--- data/CVE-2009-3555 2009-11-24 21:14:14 UTC (rev 13369) +++ data/CVE-2009-3555 2009-11-24 22:14:59 UTC (rev 13370) @@ -20,9 +20,13 @@ - openjdk-6 - sun-java5 - sun-java6 -- libapache-mod-ssl (oldstable only) Applications, which have been modified: - proftpd-dfsg -> Disabled SSL/TLS renegotiations in 1.3.2b-2 in unstable - apache2 -> Disabled client-initiated SSL/TLS renegs in 2.2.14-2, only partial fix, also issued as DSA 1934 for stable -- tomcat-native -> 1.1.18-1 \ No newline at end of file +- tomcat-native -> 1.1.18-1 + +Candidates for modification: +- nginx: disables renegotiation in 0.7.64, bug #557873, + patch at http://sysoev.ru/nginx/patch.cve-2009-3555.txt +- libapache-mod-ssl (oldstable only) bug #556942, no patch yet