Package: mono / 2.10.8.1-8+deb7u1

Metadata

Package Version Patches format
mono 2.10.8.1-8+deb7u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
debian changes | (download)

Makefile.am | 4 2 + 2 - 0 !
configure.in | 39 32 + 7 - 0 !
data/mono-cairo.pc.in | 4 2 + 2 - 0 !
data/mono.pc.in | 4 2 + 2 - 0 !
data/net_1_1/machine.config | 4 4 + 0 - 0 !
data/net_2_0/machine.config | 4 4 + 0 - 0 !
data/net_4_0/machine.config | 4 4 + 0 - 0 !
libgc/configure.in | 11 11 + 0 - 0 !
libgc/dyn_load.c | 4 2 + 2 - 0 !
libgc/include/gc.h | 2 1 + 1 - 0 !
libgc/include/private/gcconfig.h | 41 35 + 6 - 0 !
mcs/build/rules.make | 2 1 + 1 - 0 !
mcs/class/Microsoft.Build.Engine/Microsoft.Build.BuildEngine/Engine.cs | 18 10 + 8 - 0 !
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs | 28 14 + 14 - 0 !
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs | 30 23 + 7 - 0 !
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs | 2 2 + 0 - 0 !
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs | 174 3 + 171 - 0 !
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs | 37 27 + 10 - 0 !
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs | 54 5 + 49 - 0 !
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs | 14 3 + 11 - 0 !
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs | 40 5 + 35 - 0 !
mcs/class/Mono.Security/Mono.Security.X509/X509Certificate.cs | 43 43 + 0 - 0 !
mcs/class/Mono.WebBrowser/Mono.NullBrowser/Base.cs | 180 180 + 0 - 0 !
mcs/class/Mono.WebBrowser/Mono.NullBrowser/DOM/Navigation.cs | 127 127 + 0 - 0 !
mcs/class/Mono.WebBrowser/Mono.NullBrowser/WebBrowser.cs | 414 414 + 0 - 0 !
mcs/class/Mono.WebBrowser/Mono.WebBrowser.dll.sources | 3 3 + 0 - 0 !
mcs/class/Mono.WebBrowser/Mono.WebBrowser/Manager.cs | 11 9 + 2 - 0 !
mcs/class/System.Web/System.Web.UI/Page.cs | 4 2 + 2 - 0 !
mcs/class/System.Web/System.Web.Util/SecureHashCodeProvider.cs | 131 131 + 0 - 0 !
mcs/class/System.Web/System.Web.dll.sources | 1 1 + 0 - 0 !
mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs | 2 1 + 1 - 0 !
mcs/class/System.Web/System.Web/WebROCollection.cs | 5 4 + 1 - 0 !
mcs/class/System/System.Security.Cryptography.X509Certificates/PublicKey.cs | 4 3 + 1 - 0 !
mcs/class/System/System.Security.Cryptography.X509Certificates/X500DistinguishedName.cs | 7 4 + 3 - 0 !
mcs/class/System/System.Security.Cryptography.X509Certificates/X509ExtensionCollection.cs | 5 3 + 2 - 0 !
mcs/class/corlib/System.Reflection.Emit/AssemblyBuilder.cs | 13 7 + 6 - 0 !
mcs/class/corlib/System/Console.cs | 3 1 + 2 - 0 !
mcs/jay/Makefile | 2 1 + 1 - 0 !
mcs/tools/corcompare/mono-api-info.cs | 6 5 + 1 - 0 !
mono/arch/arm/arm-dis.c | 6 3 + 3 - 0 !
mono/metadata/security.c | 1 1 + 0 - 0 !
mono/metadata/sgen-gc.h | 2 1 + 1 - 0 !
mono/mini/Makefile.am | 13 2 + 11 - 0 !
mono/mini/mini-amd64.h | 2 1 + 1 - 0 !
mono/mini/mini-x86.h | 4 2 + 2 - 0 !
mono/tests/Makefile.am | 1 0 + 1 - 0 !
mono/utils/mono-sigcontext.h | 22 20 + 2 - 0 !
47 files changed, 1161 insertions(+), 371 deletions(-)

 <short summary of the patch>
 TODO: Put a short summary on the line above and replace this paragraph
 with a longer explanation of this change. Complete the meta-information
 with other relevant fields (see below for details). To make it easier, the
 information below has been extracted from the changelog. Adjust it or drop
 it.
 .
 mono (2.10.8.1-8+deb7u1) wheezy-security; urgency=high
 .
   * [c2afe08] Mono's implementation of the SSL/TLS stack failed to check
     the order of the handshake messages. Which would allow various attacks
     on the protocol to succeed. ("SKIP-TLS" attack).
     (Closes: #780751, CVE-2015-2318)
   * [997bd08] Remove the client-side SSLv2 fallback. There's almost no
     SSLv3 web site left so a v2 fallback is only extra code we do not
     need to carry forward. (Closes: #780751, CVE-2015-2320)
   * [b570325] Remove the EXPORT ciphers and related code path. That was
     still useful in 2003/2004 but the technical and legal landscape changed
     a lot since then. Removing the old, limited key size, cipher suites
     also allow removed additional parts of the code that deals with them.
     ("FREAK" attack) (Closes: #780751, CVE-2015-2319)