[Secure-testing-commits] r21161 - data/CVE
Thijs Kinkhorst
thijs at alioth.debian.org
Wed Feb 6 08:18:34 UTC 2013
Author: thijs
Date: 2013-02-06 08:18:34 +0000 (Wed, 06 Feb 2013)
New Revision: 21161
Modified:
data/CVE/list
Log:
"Lucky 13" tls timing attack flaw
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-02-06 07:33:46 UTC (rev 21160)
+++ data/CVE/list 2013-02-06 08:18:34 UTC (rev 21161)
@@ -1,3 +1,18 @@
+CVE-2013-1624 [Lucky 13 TLS protocol flaw in bouncy castle]
+ - bouncycastle <unfixed>
+CVE-2013-1623 [Lucky 13 TLS protocol flaw in yassl]
+ - mysql-5.1 <unfixed>
+ - mysql-dfsg-5.0 <unfixed>
+CVE-2013-1622 [Lucky 13 TLS protocol flaw in polarssl]
+ - polarssl <unfixed>
+CVE-2013-1621 [Lucky 13 TLS protocol flaw in polarssl]
+ - polarssl <unfixed>
+CVE-2013-1620 [Lucky 13 TLS protocol flaw in nss]
+ - nss <unfixed>
+CVE-2013-1619 [Lucky 13 TLS protocol flaw in gnutls]
+ - gnutls <unfixed>
+CVE-2013-1618 [Lucky 13 TLS protocol flaw in Opera]
+ NOT-FOR-US: Opera
CVE-2013-1617
RESERVED
CVE-2013-1616
@@ -3638,8 +3653,9 @@
[squeeze] - libvirt <not-affected> (Vulnerable code not present, see bug #699224)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=893450
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720
-CVE-2013-0169
+CVE-2013-0169 [Lucky 13 TLS protocol timing flaw]
RESERVED
+ NOTE: http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
CVE-2013-0168
RESERVED
NOTE: RHEV management tool
More information about the Secure-testing-commits
mailing list