CVE-2012-4929

Name: CVE-2012-4929
Description: The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google ...
Source: CVE (at NVD; oss-sec, OSVDB, EDB, Red Hat, Ubuntu, Gentoo, SuSE, more)
References: DSA-2579-1, DSA-2626-1, DSA-2627-1
Debian Bugs: 689936, 700399, 700426, 728055
Debian/oldstable: packages openssl, qt4-x11 are vulnerable.
Debian/stable: package openssl is vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| apache2 (PTS) | squeeze (security) | 2.2.16-6+squeeze11 | fixed |
| | squeeze | 2.2.16-6+squeeze12 | fixed |
| | wheezy | 2.2.22-13+deb7u1 | fixed |
| | jessie, sid | 2.4.9-1 | fixed |
| chromium-browser (PTS) | squeeze, squeeze (security) | 6.0.472.63~r59945-5+squeeze6 | fixed |
| | wheezy | 31.0.1650.63-1~deb7u1 | fixed |
| | jessie | 33.0.1750.152-1 | fixed |
| | wheezy (security) | 34.0.1847.116-1~deb7u1 | fixed |
| | sid | 34.0.1847.116-2 | fixed |
| iceweasel (PTS) | squeeze, squeeze (security) | 3.5.16-20 | fixed |
| | wheezy | 17.0.10esr-1~deb7u1 | fixed |
| | wheezy (security) | 24.4.0esr-1~deb7u2 | fixed |
| | jessie, sid | 24.4.0esr-1 | fixed |
| lighttpd (PTS) | squeeze | 1.4.28-2+squeeze1.5 | fixed |
| | squeeze (security) | 1.4.28-2+squeeze1.6 | fixed |
| | wheezy | 1.4.31-4+deb7u2 | fixed |
| | wheezy (security) | 1.4.31-4+deb7u3 | fixed |
| | jessie, sid | 1.4.35-2 | fixed |
| nginx (PTS) | squeeze, squeeze (security) | 0.7.67-3+squeeze3 | fixed |
| | wheezy, wheezy (security) | 1.2.1-2.2+wheezy2 | fixed |
| | jessie | 1.4.7-1 | fixed |
| | sid | 1.4.7-2 | fixed |
| openssl (PTS) | squeeze, squeeze (security) | 0.9.8o-4squeeze14 | vulnerable |
| | wheezy | 1.0.1e-2+deb7u4 | vulnerable |
| | wheezy (security) | 1.0.1e-2+deb7u7 | vulnerable |
| | jessie | 1.0.1g-2 | fixed |
| | sid | 1.0.1g-3 | fixed |
| qt4-x11 (PTS) | squeeze | 4:4.6.3-4+squeeze1 | vulnerable |
| | wheezy | 4:4.8.2+dfsg-11 | fixed |
| | jessie, sid | 4:4.8.5+git242-g0315971+dfsg-2 | fixed |

The information above is based on the following data on fixed versions.

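| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| apache2 | source | (unstable) | 2.2.22-12 | | | 689936 |
| apache2 | source | squeeze | 2.2.16-6+squeeze10 | | DSA-2579-1 | |
| chromium-browser | source | (unstable) | 22.0.1229.94~r161065-1 | | | |
| chromium-browser | source | squeeze | (not affected) | | | |
| iceweasel | source | (unstable) | (not affected) | | | |
| lighttpd | source | (unstable) | 1.4.30-1 | | | 700399 |
| lighttpd | source | squeeze | 1.4.28-2+squeeze1.2 | | DSA-2626-1 | |
| nginx | source | (unstable) | 1.2.1-2.2 | | | 700426 |
| nginx | source | squeeze | 0.7.67-3+squeeze3 | | DSA-2627-1 | |
| openssl | source | (unstable) | 1.0.1e-5 | low | | 728055 |
| qt4-x11 | source | (unstable) | 4:4.8.2+dfsg-3 | | | |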

Notes

- iceweasel <not-affected> (Firefox ESV not use TLS/SSL compression)
Chromium fix: https://chromiumcodereview.appspot.com/10825183/
[squeeze] - qt4-x11 <no-dsa> (Minor issue)
[wheezy] - openssl <no-dsa> (Minor issue)
[squeeze] - openssl <no-dsa> (Minor issue)
openssl redhat announcement https://rhn.redhat.com/errata/RHSA-2013-0587.html
