* SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478)
- debian/patches/CVE-2014-3616.patch: Use a random value for session id
context, since there is no support for shared TLS Session Tickets in
this version in src/event/ngx_event_openssl.c.
- CVE-2014-3616
-- Lev Lazinskiy <email address hidden> Fri, 05 Dec 2014 22:25:50 -0500
This bug was fixed in the package nginx - 1.1.19-1ubuntu0.7
---------------
nginx (1.1.19-1ubuntu0.7) precise-security; urgency=medium
* SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478) patches/ CVE-2014- 3616.patch: Use a random value for session id ngx_event_ openssl. c.
- debian/
context, since there is no support for shared TLS Session Tickets in
this version in src/event/
- CVE-2014-3616
-- Lev Lazinskiy <email address hidden> Fri, 05 Dec 2014 22:25:50 -0500