[Secure-testing-commits] r21164 - data/CVE
Thijs Kinkhorst
thijs at alioth.debian.org
Wed Feb 6 11:11:29 UTC 2013
Author: thijs
Date: 2013-02-06 11:11:28 +0000 (Wed, 06 Feb 2013)
New Revision: 21164
Modified:
data/CVE/list
Log:
bugs filed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-02-06 10:16:00 UTC (rev 21163)
+++ data/CVE/list 2013-02-06 11:11:28 UTC (rev 21164)
@@ -1,14 +1,14 @@
CVE-2013-1624 [Lucky 13 TLS protocol flaw in bouncy castle]
- - bouncycastle <unfixed>
+ - bouncycastle <unfixed> (bug #699885)
CVE-2013-1623 [Lucky 13 TLS protocol flaw in yassl]
- mysql-5.1 <unfixed>
- - mysql-5.5 <unfixed>
+ - mysql-5.5 <unfixed> (bug #699886)
CVE-2013-1622 [Lucky 13 TLS protocol flaw in polarssl]
- - polarssl <unfixed>
+ - polarssl <unfixed> (bug #699887)
CVE-2013-1621 [Lucky 13 TLS protocol flaw in polarssl]
- - polarssl <unfixed>
+ - polarssl <unfixed> (bug #699887)
CVE-2013-1620 [Lucky 13 TLS protocol flaw in nss]
- - nss <unfixed>
+ - nss <unfixed> (bug #699888)
CVE-2013-1619 [Lucky 13 TLS protocol flaw in gnutls]
- gnutls26 2.12.20-4
- gnutls28 <unfixed>
@@ -3662,8 +3662,9 @@
NOTE: RHEV management tool
CVE-2013-0167
RESERVED
-CVE-2013-0166
+CVE-2013-0166 [openssl OCSP invalid key DoS issue]
RESERVED
+ - openssl <unfixed> (bug #699889)
CVE-2013-0165
RESERVED
CVE-2013-0164
@@ -13526,8 +13527,11 @@
CVE-2012-2687 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- apache2 2.2.22-8 (low)
[squeeze] - apache2 2.2.16-6+squeeze8
-CVE-2012-2686
+CVE-2012-2686 [openssl TLS 1.1 and 1.2 AES-NI crash]
RESERVED
+ - openssl <unfixed> (low; bug #699889)
+ [squeeze] - openssl <not-affected> (Vulnerable code not present)
+ NOTE: DoS in specific protocol + cpu type combination
CVE-2012-2685 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)
NOT-FOR-US: Cumin
CVE-2012-2684 (Multiple SQL injection vulnerabilities in the ...)
More information about the Secure-testing-commits
mailing list