Univention Bugzilla – Bug 51708
erlang: Multiple issues (4.4)
Last modified: 2020-07-29 16:50:41 CEST
New Debian erlang 1:19.2.1+dfsg-2+deb9u3 fixes: This update addresses the following issue: * yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks. (CVE-2020-12872)
--- mirror/ftp/4.4/unmaintained/4.4-0/source/erlang_19.2.1+dfsg-2+deb9u2.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/erlang_19.2.1+dfsg-2+deb9u3.dsc @@ -1,3 +1,9 @@ +1:19.2.1+dfsg-2+deb9u3 [Tue, 26 May 2020 12:35:09 +0300] Sergei Golovan <sgolovan@debian.org>: + + * Applied a patch which fixes CVE-2020-12872 vulnerability revealed + for the Yaws web server (TLS server offers weak ciphers for TLS 1.0). + (closes: #961422) + 1:19.2.1+dfsg-2+deb9u2 [Fri, 08 Feb 2019 23:28:34 +0100] Andreas Beckmann <anbe@debian.org>: [ Andreas Beckmann ] <http://10.200.17.11/4.4-5/#482971441024773279>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-5] 1a7e3a6048 Bug #51708: erlang 1:19.2.1+dfsg-2+deb9u3 doc/errata/staging/erlang.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) [4.4-5] 766beb24f7 Bug #51708: erlang 1:19.2.1+dfsg-2+deb9u3 doc/errata/staging/erlang.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x657>