[Secure-testing-commits] r29418 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Oct 15 16:27:01 UTC 2014


Author: jmm
Date: 2014-10-15 16:27:01 +0000 (Wed, 15 Oct 2014)
New Revision: 29418

Modified:
   data/CVE/list
   data/dla-needed.txt
   data/dsa-needed.txt
Log:
new openssl issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-10-15 14:36:19 UTC (rev 29417)
+++ data/CVE/list	2014-10-15 16:27:01 UTC (rev 29418)
@@ -1897,8 +1897,7 @@
 	RESERVED
 CVE-2014-7193 [Crumb CORS Token Disclosure]
 	RESERVED
-	NOTE: https://nodesecurity.io/advisories/crumb_cors_token_disclosure
-	TODO: check
+	NOT-FOR-US: Crumb
 CVE-2014-7192
 	RESERVED
 CVE-2014-7191 [qs Denial-of-Service Memory Exhaustion]
@@ -10387,10 +10386,12 @@
 	RESERVED
 CVE-2014-3569
 	RESERVED
-CVE-2014-3568
+CVE-2014-3568 [Build option no-ssl3 is incomplete]
 	RESERVED
-CVE-2014-3567
+	- openssl <unfixed>
+CVE-2014-3567 [Session Ticket Memory Leak]
 	RESERVED
+	- openssl <unfixed>
 CVE-2014-3566 [POODLE attack against SSLv3]
 	RESERVED
 	- openssl <unfixed>
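Review bot: the new CVE-2014-3568 and CVE-2014-3567 entries give a bracketed title and mark openssl as unfixed, but nothing in the hunk records where those titles come from or whether squeeze is affected. The CVE-2014-3513 entry in this same commit does carry a [squeeze] line, so the omission here reads as "not yet checked" rather than "affected". Suggest adding a NOTE line with the advisory reference to each entry, plus either an explicit [squeeze] status or a TODO saying it still needs checking.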
@@ -10584,8 +10585,10 @@
 	- ruby-activerecord-2.3 <not-affected> (Only affects 4.0.0 and all Later Versions)
 	- ruby-activerecord-3.2 <not-affected> (Only affects 4.0.0 and all Later Versions)
 	TODO: needs to check the others rails versions
-CVE-2014-3513
+CVE-2014-3513 [SRTP Memory Leak]
 	RESERVED
+        - openssl <unfixed>
+        [squeeze] - openssl <not-affected> (DLTS SRTP introduced in 1.0.1)
 CVE-2014-3512 (Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP ...)
 	{DSA-2998-1}
 	- openssl 1.0.1i-1
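Review bot: the two lines added under CVE-2014-3513 are indented with eight spaces, while every other entry line visible in this file, including the RESERVED line directly above them, is indented with a tab. Please switch both to a leading tab so the entry matches the rest of the list and is not at risk of being treated differently by whatever reads the file. In the same lines, "DLTS SRTP" in the squeeze annotation looks like a typo for "DTLS SRTP".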

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2014-10-15 14:36:19 UTC (rev 29417)
+++ data/dla-needed.txt	2014-10-15 16:27:01 UTC (rev 29418)
@@ -54,6 +54,8 @@
 --
 nss
 --
+openssl
+--
 openjdk-6
 --
 ppp (Andrew Bartlett)
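Review bot: the new openssl entry is placed between nss and openjdk-6, which breaks the alphabetical order the surrounding entries follow (nss, openjdk-6, ppp); it should go after openjdk-6. The entry also has no claimant in parentheses, unlike ppp (Andrew Bartlett), so it is worth confirming that it is intentionally left unassigned.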

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2014-10-15 14:36:19 UTC (rev 29417)
+++ data/dsa-needed.txt	2014-10-15 16:27:01 UTC (rev 29418)
@@ -36,6 +36,8 @@
 --
 nss
 --
+openssl
+--
 openswan (corsac)
   NOTE: regression fix needed for CVE-2013-2053 (#743332) and CVE-2013-6466
   (#744717)



