Hi, On Sun, Jun 04, 2017 at 08:26:19AM +0200, Moritz Mühlenhoff wrote: > On Sun, Aug 16, 2015 at 08:05:18AM +0200, Salvatore Bonaccorso wrote: > > Source: libapache2-mod-nss > > Version: 1.0.11-1 > > Severity: important > > Tags: security upstream > > > > Hi, > > > > the following vulnerability was published for libapache2-mod-nss, > > introduced with the update to 1.0.11. > > > > CVE-2015-3277[0]: > > incorrect multi-keyword mode cipherstring parsing > > > > The vulnerable code was added in 1.0.11[1] afaict. > > What's the status, this bug is 2.5 years old. Is this fixed in 1.0.14?
AFAICT, in ChangeLog up to 1.0.14 this seems still unresolved. The Red Hat bug seem to indicate that as well (note I adjusted the introducing commit reference in the security-tracker since the upstream git repo moved to pagure.io apparently). Salvatore

