Summary: | Disable MD2 digest algorithm (CVE-2009-2409) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | pva |
Priority: | High | Keywords: | Tracker |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409 | ||
Whiteboard: | A4 | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 280591, 280595 | ||
Bug Blocks: |
Description
Stefan Behte (RETIRED)
2009-08-03 22:09:13 UTC
Mozilla team I recommend a stabilization of nspr-4.8 with nss-3.12.3, the thunderbird bug on memory is unconfirmed in my opinion, and security takes presidency. Multi-package bugs with several maintainers make no sense. Please use single bugs and a tracker if appropriate. gnutls 2.6.6 is stable and all versions before 2.6.5 are affected by another GLSA, so this is not an issue. The NSS library before 3.12.3. 3.12.3-r1 was stabilized in bug 280839 closed Sept 2009. GnuTLS before 2.6.4 and 2.7.4; 2.6.4 was stabilized in bug 264392 and 2.7.6 was stabilized in bug 259018 OpenSSL 0.9.8 through 0.9.8k; 0.9.8l was stabilized in bug 292022 This is a tracker for multiple packages that have been handled individually, as no remaining deps exists I'm closing this. |