debian changes | (download) |
Makefile.am |
4 2 + 2 - 0 !
configure.in |
39 32 + 7 - 0 !
data/mono-cairo.pc.in |
4 2 + 2 - 0 !
data/mono.pc.in |
4 2 + 2 - 0 !
data/net_1_1/machine.config |
4 4 + 0 - 0 !
data/net_2_0/machine.config |
4 4 + 0 - 0 !
data/net_4_0/machine.config |
4 4 + 0 - 0 !
libgc/configure.in |
11 11 + 0 - 0 !
libgc/dyn_load.c |
4 2 + 2 - 0 !
libgc/include/gc.h |
2 1 + 1 - 0 !
libgc/include/private/gcconfig.h |
41 35 + 6 - 0 !
mcs/build/rules.make |
2 1 + 1 - 0 !
mcs/class/Microsoft.Build.Engine/Microsoft.Build.BuildEngine/Engine.cs |
18 10 + 8 - 0 !
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs |
28 14 + 14 - 0 !
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs |
30 23 + 7 - 0 !
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs |
2 2 + 0 - 0 !
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs |
174 3 + 171 - 0 !
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs |
37 27 + 10 - 0 !
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs |
54 5 + 49 - 0 !
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs |
14 3 + 11 - 0 !
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs |
40 5 + 35 - 0 !
mcs/class/Mono.Security/Mono.Security.X509/X509Certificate.cs |
43 43 + 0 - 0 !
mcs/class/Mono.WebBrowser/Mono.NullBrowser/Base.cs |
180 180 + 0 - 0 !
mcs/class/Mono.WebBrowser/Mono.NullBrowser/DOM/Navigation.cs |
127 127 + 0 - 0 !
mcs/class/Mono.WebBrowser/Mono.NullBrowser/WebBrowser.cs |
414 414 + 0 - 0 !
mcs/class/Mono.WebBrowser/Mono.WebBrowser.dll.sources |
3 3 + 0 - 0 !
mcs/class/Mono.WebBrowser/Mono.WebBrowser/Manager.cs |
11 9 + 2 - 0 !
mcs/class/System.Web/System.Web.UI/Page.cs |
4 2 + 2 - 0 !
mcs/class/System.Web/System.Web.Util/SecureHashCodeProvider.cs |
131 131 + 0 - 0 !
mcs/class/System.Web/System.Web.dll.sources |
1 1 + 0 - 0 !
mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs |
2 1 + 1 - 0 !
mcs/class/System.Web/System.Web/WebROCollection.cs |
5 4 + 1 - 0 !
mcs/class/System/System.Security.Cryptography.X509Certificates/PublicKey.cs |
4 3 + 1 - 0 !
mcs/class/System/System.Security.Cryptography.X509Certificates/X500DistinguishedName.cs |
7 4 + 3 - 0 !
mcs/class/System/System.Security.Cryptography.X509Certificates/X509ExtensionCollection.cs |
5 3 + 2 - 0 !
mcs/class/corlib/System.Reflection.Emit/AssemblyBuilder.cs |
13 7 + 6 - 0 !
mcs/class/corlib/System/Console.cs |
3 1 + 2 - 0 !
mcs/jay/Makefile |
2 1 + 1 - 0 !
mcs/tools/corcompare/mono-api-info.cs |
6 5 + 1 - 0 !
mono/arch/arm/arm-dis.c |
6 3 + 3 - 0 !
mono/metadata/security.c |
1 1 + 0 - 0 !
mono/metadata/sgen-gc.h |
2 1 + 1 - 0 !
mono/mini/Makefile.am |
13 2 + 11 - 0 !
mono/mini/mini-amd64.h |
2 1 + 1 - 0 !
mono/mini/mini-x86.h |
4 2 + 2 - 0 !
mono/tests/Makefile.am |
1 0 + 1 - 0 !
mono/utils/mono-sigcontext.h |
22 20 + 2 - 0 !
47 files changed, 1161 insertions(+), 371 deletions(-) |
<short summary of the patch>
TODO: Put a short summary on the line above and replace this paragraph
with a longer explanation of this change. Complete the meta-information
with other relevant fields (see below for details). To make it easier, the
information below has been extracted from the changelog. Adjust it or drop
it.
.
mono (2.10.8.1-8+deb7u1) wheezy-security; urgency=high
.
* [c2afe08] Mono's implementation of the SSL/TLS stack failed to check
the order of the handshake messages. Which would allow various attacks
on the protocol to succeed. ("SKIP-TLS" attack).
(Closes: #780751, CVE-2015-2318)
* [997bd08] Remove the client-side SSLv2 fallback. There's almost no
SSLv3 web site left so a v2 fallback is only extra code we do not
need to carry forward. (Closes: #780751, CVE-2015-2320)
* [b570325] Remove the EXPORT ciphers and related code path. That was
still useful in 2003/2004 but the technical and legal landscape changed
a lot since then. Removing the old, limited key size, cipher suites
also allow removed additional parts of the code that deals with them.
("FREAK" attack) (Closes: #780751, CVE-2015-2319)
|