Package "libmono-corlib4.5-cil"
Name: |
libmono-corlib4.5-cil
|
Description: |
Mono core library (for CLI 4.5)
|
Latest version: |
3.2.8+dfsg-4ubuntu1.1 |
Release: |
trusty (14.04) |
Level: |
updates |
Repository: |
main |
Head package: |
mono |
Homepage: |
http://www.mono-project.com/ |
Links
Download "libmono-corlib4.5-cil"
Other versions of "libmono-corlib4.5-cil" in Trusty
Changelog
mono (3.2.8+dfsg-4ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: TLS impersonation attack
- debian/patches/CVE-2015-2318.patch: add handshake state validation to
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
- CVE-2015-2318
* SECURITY UPDATE: FREAK attack vulnerability
- debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
- CVE-2015-2319
* SECURITY UPDATE: SSLv2 support
- debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
- CVE-2015-2320
* debian/source/options: Don't use single-debian-patch for Ubuntu.
-- Marc Deslauriers <email address hidden> Fri, 20 Mar 2015 12:59:13 -0400
|
|
About
-
Send Feedback to @ubuntu_updates