[Secure-testing-commits] r29418 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Oct 15 16:27:01 UTC 2014
Author: jmm
Date: 2014-10-15 16:27:01 +0000 (Wed, 15 Oct 2014)
New Revision: 29418
Modified:
data/CVE/list
data/dla-needed.txt
data/dsa-needed.txt
Log:
new openssl issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-15 14:36:19 UTC (rev 29417)
+++ data/CVE/list 2014-10-15 16:27:01 UTC (rev 29418)
@@ -1897,8 +1897,7 @@
RESERVED
CVE-2014-7193 [Crumb CORS Token Disclosure]
RESERVED
- NOTE: https://nodesecurity.io/advisories/crumb_cors_token_disclosure
- TODO: check
+ NOT-FOR-US: Crumb
CVE-2014-7192
RESERVED
CVE-2014-7191 [qs Denial-of-Service Memory Exhaustion]
@@ -10387,10 +10386,12 @@
RESERVED
CVE-2014-3569
RESERVED
-CVE-2014-3568
+CVE-2014-3568 [Build option no-ssl3 is incomplete]
RESERVED
-CVE-2014-3567
+ - openssl <unfixed>
+CVE-2014-3567 [Session Ticket Memory Leak]
RESERVED
+ - openssl <unfixed>
CVE-2014-3566 [POODLE attack against SSLv3]
RESERVED
- openssl <unfixed>
@@ -10584,8 +10585,10 @@
- ruby-activerecord-2.3 <not-affected> (Only affects 4.0.0 and all Later Versions)
- ruby-activerecord-3.2 <not-affected> (Only affects 4.0.0 and all Later Versions)
TODO: needs to check the others rails versions
-CVE-2014-3513
+CVE-2014-3513 [SRTP Memory Leak]
RESERVED
+ - openssl <unfixed>
+ [squeeze] - openssl <not-affected> (DLTS SRTP introduced in 1.0.1)
CVE-2014-3512 (Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP ...)
{DSA-2998-1}
- openssl 1.0.1i-1
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2014-10-15 14:36:19 UTC (rev 29417)
+++ data/dla-needed.txt 2014-10-15 16:27:01 UTC (rev 29418)
@@ -54,6 +54,8 @@
--
nss
--
+openssl
+--
openjdk-6
--
ppp (Andrew Bartlett)
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2014-10-15 14:36:19 UTC (rev 29417)
+++ data/dsa-needed.txt 2014-10-15 16:27:01 UTC (rev 29418)
@@ -36,6 +36,8 @@
--
nss
--
+openssl
+--
openswan (corsac)
NOTE: regression fix needed for CVE-2013-2053 (#743332) and CVE-2013-6466
(#744717)
More information about the Secure-testing-commits
mailing list