[SECURITY] [DLA 282-1] lighttpd security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 282-1] lighttpd security update
From: Guido Günther <agx@debian.org>
Date: Sat, 25 Jul 2015 16:29:15 +0200
Message-id: <[🔎] 20150725142915.GA26058@bogon.m.sigxcpu.org>
Mail-followup-to: Guido Günther <agx@debian.org>, debian-lts-announce@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : lighttpd
Version        : 1.4.28-2+squeeze1.7
CVE ID         : CVE-2014-3566
Debian Bug     : #765702

This update allows to disable SSLv3 in lighttpd in order to protect
against the POODLE attack. SSLv3 is now disabled by default and can be
reenabled (if needed) using the ssl.use-sslv3 option.

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: [SECURITY] [DLA 279-1] python-tornado security update
Next by Date: [SECURITY] [DLA 280-1] ghostscript security update
Previous by thread: [SECURITY] [DLA 279-1] python-tornado security update
Next by thread: [SECURITY] [DLA 280-1] ghostscript security update
Index(es):
- Date
- Thread