Full_Name: Havard Eidnes
Version: 2.4.44
OS: NetBSD
URL:
Submission from: (NULL) (2001:700:1:0:eeb1:d7ff:fe59:fbaa)
Hi,
CVE-2015-3276 appears to be unfixed in 2.4.44, and from several attempts at finding the bug reported in your mailing list archive I came up empty. So ... the best I've found from this CVE is Red Hat's bugzilla entry at
https://bugzilla.redhat.com/show_bug.cgi?id=1238322
which contains a (suggested) patch.
Summarized:
The openldap (for NSS) emulation of the openssl cipherstring parsing code incorrectly implements the multi-keyword mode. As a consequence anyone using a combination like:
ECDH+SHA
will not get the expected set of ciphers [...]
(I'm somewhat dismayed that this was apparently not reported upstream earlier...)
Best regards,
- Håvard
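To make the "multi-keyword mode" in the summary concrete, here is an added, self-contained model of OpenSSL-style cipherstring selection. It is example code written for this page; it is not OpenLDAP's tls_m.c, not the NSS emulation layer, and not OpenSSL's ssl_cipher_process_rulestr. The suite table, the attribute bits and the keyword list are constructed and deliberately small. In OpenSSL semantics a ':'-separated element such as ECDH+SHA selects only suites that match every '+'-joined keyword (an intersection), while ECDH:SHA selects the union. The `strict == 0` path implements a wrong "any keyword matches" reading purely to show how a broken multi-keyword mode widens the selected set; it is an assumption for illustration, not a claim about what the OpenLDAP code actually did.

```c
#include <stdio.h>
#include <string.h>

/* Attribute bits for the parts of a suite: key exchange, auth, cipher, MAC. */
enum {
    KX_RSA = 1u << 0, KX_ECDH = 1u << 1, KX_DH = 1u << 2,
    AU_RSA = 1u << 3, AU_ECDSA = 1u << 4,
    ENC_AES128 = 1u << 5, ENC_AES256 = 1u << 6, ENC_3DES = 1u << 7,
    MAC_SHA1 = 1u << 8, MAC_SHA256 = 1u << 9, MAC_AEAD = 1u << 10
};

struct suite { const char *name; unsigned attrs; };

/* Constructed sample table: names follow OpenSSL conventions, the bits are ours. */
static const struct suite suites[] = {
    { "ECDHE-ECDSA-AES256-GCM-SHA384", KX_ECDH | AU_ECDSA | ENC_AES256 | MAC_AEAD },
    { "ECDHE-RSA-AES128-SHA",          KX_ECDH | AU_RSA | ENC_AES128 | MAC_SHA1 },
    { "ECDHE-RSA-AES256-SHA",          KX_ECDH | AU_RSA | ENC_AES256 | MAC_SHA1 },
    { "DHE-RSA-AES128-SHA",            KX_DH | AU_RSA | ENC_AES128 | MAC_SHA1 },
    { "AES128-SHA",                    KX_RSA | AU_RSA | ENC_AES128 | MAC_SHA1 },
    { "AES128-SHA256",                 KX_RSA | AU_RSA | ENC_AES128 | MAC_SHA256 },
    { "DES-CBC3-SHA",                  KX_RSA | AU_RSA | ENC_3DES | MAC_SHA1 },
};
#define NSUITES (sizeof suites / sizeof suites[0])

struct keyword { const char *name; unsigned mask; };

/* Keyword -> attribute bits. "SHA" is the OpenSSL alias for SHA-1 MAC suites. */
static const struct keyword keywords[] = {
    { "ECDH", KX_ECDH }, { "DH", KX_DH }, { "kRSA", KX_RSA },
    { "aRSA", AU_RSA }, { "ECDSA", AU_ECDSA },
    { "AES128", ENC_AES128 }, { "AES256", ENC_AES256 }, { "3DES", ENC_3DES },
    { "SHA", MAC_SHA1 }, { "SHA256", MAC_SHA256 }, { "AEAD", MAC_AEAD },
    { "ALL", ~0u },
};
#define NKEYWORDS (sizeof keywords / sizeof keywords[0])

static unsigned keyword_mask(const char *kw, size_t len) {
    for (size_t i = 0; i < NKEYWORDS; i++)
        if (strlen(keywords[i].name) == len && memcmp(keywords[i].name, kw, len) == 0)
            return keywords[i].mask;
    return 0; /* unknown (or empty) keyword matches nothing */
}

/* Does suite s satisfy one element such as "ECDH+SHA"?
 * strict == 1: OpenSSL semantics, every '+'-joined keyword must match.
 * strict == 0: illustrative wrong reading, any one keyword is enough. */
static int element_matches(const struct suite *s, const char *elem, size_t len, int strict) {
    size_t start = 0;
    int any = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i == len || elem[i] == '+') {
            int hit = (s->attrs & keyword_mask(elem + start, i - start)) != 0;
            if (strict && !hit) return 0;
            if (hit) any = 1;
            start = i + 1;
        }
    }
    return strict ? 1 : any;
}

/* Evaluate a ':'-separated cipherstring. A '!' prefix permanently removes
 * matching suites; other elements enable them. Selected names are written
 * to out (at most max entries) in table order; the count is returned. */
static int select_ciphers(const char *spec, int strict, const char **out, int max) {
    int enabled[NSUITES] = {0}, killed[NSUITES] = {0};
    const char *p = spec;
    while (*p) {
        const char *end = strchr(p, ':');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        int kill = (len > 0 && p[0] == '!');
        const char *elem = kill ? p + 1 : p;
        size_t elen = kill ? len - 1 : len;
        for (size_t i = 0; i < NSUITES; i++) {
            if (!element_matches(&suites[i], elem, elen, strict)) continue;
            if (kill) { killed[i] = 1; enabled[i] = 0; }
            else if (!killed[i]) enabled[i] = 1;
        }
        p = end ? end + 1 : p + len;
    }
    int n = 0;
    for (size_t i = 0; i < NSUITES && n < max; i++)
        if (enabled[i]) out[n++] = suites[i].name;
    return n;
}

/* Convenience wrappers so results can be checked without an output array. */
static int count_selected(const char *spec, int strict) {
    const char *sel[NSUITES];
    return select_ciphers(spec, strict, sel, NSUITES);
}
static const char *selected_name(const char *spec, int strict, int idx) {
    const char *sel[NSUITES];
    int n = select_ciphers(spec, strict, sel, NSUITES);
    return (idx >= 0 && idx < n) ? sel[idx] : "";
}

int main(void) {
    const char *sel[NSUITES];
    const char *specs[] = { "ECDH+SHA", "ECDH:SHA", "ALL:!3DES:!SHA" };
    for (size_t k = 0; k < sizeof specs / sizeof specs[0]; k++) {
        for (int strict = 1; strict >= 0; strict--) {
            int n = select_ciphers(specs[k], strict, sel, NSUITES);
            printf("%-16s (%s) -> %d suite(s):", specs[k], strict ? "intersection" : "any-keyword", n);
            for (int i = 0; i < n; i++) printf(" %s", sel[i]);
            printf("\n");
        }
    }
    return 0;
}
```

Against the constructed table, ECDH+SHA under the correct intersection rule yields only the two ECDHE suites with a SHA-1 MAC, while the any-keyword reading returns six suites, including a plain RSA 3DES suite the administrator never asked for; that widening is the practical danger of a wrong multi-keyword implementation. Real OpenSSL orders the result by when each suite was enabled and supports further prefixes ('-', '+') and keywords; this model keeps only what the report's example needs.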