PublicDateAtUSN: 2015-03-18
Candidate: CVE-2015-2319
PublicDate: 2018-01-08 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2319
 https://ubuntu.com/security/notices/USN-2547-1
Description:
 The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to
 conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS
 traffic, related to the "FREAK" issue, a different vulnerability than
 CVE-2015-0204.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780751
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_mono:
 upstream: https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10
 upstream: https://gist.github.com/directhex/728af6f96d1b8c976659 (prior to 3.x)
upstream_mono: released (3.2.8+dfsg-10,2.6.7-5.1+deb6u1)
lucid_mono: ignored (reached end-of-life)
precise_mono: released (2.10.8.1-1ubuntu2.3)
trusty_mono: released (3.2.8+dfsg-4ubuntu1.1)
trusty/esm_mono: released (3.2.8+dfsg-4ubuntu1.1)
utopic_mono: released (3.2.8+dfsg-4ubuntu2.1)
devel_mono: released (3.2.8+dfsg-4ubuntu4)