[Secure-testing-commits] r36225 - data/CVE
Alessandro Ghedini
ghedo at moszumanska.debian.org
Thu Aug 20 19:32:09 UTC 2015
Author: ghedo
Date: 2015-08-20 19:32:09 +0000 (Thu, 20 Aug 2015)
New Revision: 36225
Modified:
data/CVE/list
Log:
Update links to OpenSSL advisories
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-20 19:29:21 UTC (rev 36224)
+++ data/CVE/list 2015-08-20 19:32:09 UTC (rev 36225)
@@ -12904,11 +12904,11 @@
[jessie] - openssl <not-affected> (Vulnerable code not present)
[wheezy] - openssl <not-affected> (Vulnerable code not present)
[squeeze] - openssl <not-affected> (Vulnerable code not present)
- NOTE: http://openssl.org/news/secadv_20150709.txt
+ NOTE: http://openssl.org/news/secadv/20150709.txt
CVE-2015-1792 (The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before ...)
{DSA-3287-1 DLA-247-1}
- openssl 1.0.2b-1
- NOTE: http://openssl.org/news/secadv_20150611.txt
+ NOTE: http://openssl.org/news/secadv/20150611.txt
CVE-2015-1791 (Race condition in the ssl3_get_new_session_ticket function in ...)
{DSA-3287-1 DLA-247-1}
- openssl 1.0.2b-1
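Review bot: The two added NOTE lines in this hunk keep the bare host `openssl.org`, while the added lines for the 2014 and older entries further down use `www.openssl.org`. Since every one of these links is being rewritten anyway, pick one host form and use it for all of them, so that a later search or bulk rewrite of advisory links needs only one pattern.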
@@ -12918,16 +12918,16 @@
CVE-2015-1790 (The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL ...)
{DSA-3287-1 DLA-247-1}
- openssl 1.0.2b-1
- NOTE: http://openssl.org/news/secadv_20150611.txt
+ NOTE: http://openssl.org/news/secadv/20150611.txt
CVE-2015-1789 (The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before ...)
{DSA-3287-1 DLA-247-1}
- openssl 1.0.2b-1
- NOTE: http://openssl.org/news/secadv_20150611.txt
+ NOTE: http://openssl.org/news/secadv/20150611.txt
CVE-2015-1788 (The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before ...)
{DSA-3287-1}
- openssl 1.0.2b-1
[squeeze] - openssl <not-affected> (Vulnerable code got introduced post 1.0.0)
- NOTE: http://openssl.org/news/secadv_20150611.txt
+ NOTE: http://openssl.org/news/secadv/20150611.txt
CVE-2015-1787 (The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL ...)
- openssl <not-affected> (Vulnerable version never in unstable)
NOTE: did affect 1.0.2 (only in experimental) and 1.0.2a was uploaded to unstable
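Review bot: This is a mechanical rewrite of `secadv_YYYYMMDD.txt` to `secadv/YYYYMMDD.txt`, repeated here for CVE-2015-1790, CVE-2015-1789 and CVE-2015-1788, and neither the log message nor the diff shows that the rest of data/CVE/list was checked for the old form. Searching the file for `secadv_` after applying the change would confirm that no old-style advisory link remains. The log message would also be more useful if it said why the links changed, not only that they did.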
@@ -22562,7 +22562,7 @@
CVE-2014-8176 (The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before ...)
{DSA-3287-1 DLA-247-1}
- openssl 1.0.1h-1
- NOTE: http://openssl.org/news/secadv_20150611.txt
+ NOTE: http://openssl.org/news/secadv/20150611.txt
CVE-2014-8175 (Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to ...)
NOT-FOR-US: JBoss Fuse
CVE-2014-8174
@@ -44093,7 +44093,7 @@
- openssl 1.0.1g-1 (bug #743883)
[squeeze] - openssl <not-affected> (vulnerable code introduced in upstream commit 4817504)
NOTE: fix: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902
- NOTE: http://www.openssl.org/news/secadv_20140407.txt
+ NOTE: http://www.openssl.org/news/secadv/20140407.txt
NOTE: system reboot is recommended after the upgrade
CVE-2014-0159 (Buffer overflow in the GetStatistics64 remote procedure call (RPC) in ...)
{DSA-2899-1}
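Review bot: The added line `NOTE: http://www.openssl.org/news/secadv/20140407.txt` keeps the plain `http://` scheme, as do all the other rewritten links in this commit. If the advisory files are served over https, switching the scheme in the same pass would give readers an authenticated copy of the advisory text, which matters for an entry that also tells them to reboot after upgrading.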
@@ -74677,7 +74677,7 @@
{DSA-2475-1}
- openssl 1.0.1c-1 (bug #672452)
NOTE: http://seclists.org/oss-sec/2012/q2/299
- NOTE: http://www.openssl.org/news/secadv_20120510.txt
+ NOTE: http://www.openssl.org/news/secadv/20120510.txt
CVE-2012-2332 (SQL injection vulnerability in serendipity/serendipity_admin.php in ...)
- serendipity <removed> (bug #671937; low)
[squeeze] - serendipity <no-dsa> (Minor issue)
@@ -75270,7 +75270,7 @@
CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL ...)
{DSA-2454-1}
- openssl 1.0.1a-1
- NOTE: http://www.openssl.org/news/secadv_20120419.txt
+ NOTE: http://www.openssl.org/news/secadv/20120419.txt
CVE-2012-2109 (SQL injection vulnerability in wp-load.php in the BuddyPress plugin ...)
NOT-FOR-US: wordpress buddypress plugin
CVE-2012-2108 (Stack-based buffer overflow in the main function in util/lpci_main.c ...)
@@ -81422,7 +81422,7 @@
CVE-2012-0050 (OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, ...)
{DSA-2392-1}
- openssl 1.0.0g-1
- NOTE: http://www.openssl.org/news/secadv_20120118.txt
+ NOTE: http://www.openssl.org/news/secadv/20120118.txt
CVE-2012-0049
RESERVED
{DSA-2524-1}
@@ -96725,7 +96725,7 @@
- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-4252 (OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly ...)
- openssl <not-affected> (configured with -DOPENSSL_NO_JPAKE; bug #606902)
- NOTE: http://www.openssl.org/news/secadv_20101202.txt
+ NOTE: http://www.openssl.org/news/secadv/20101202.txt
CVE-2010-4251 (The socket implementation in net/core/sock.c in the Linux kernel ...)
- linux-2.6 2.6.32-22
CVE-2010-4250 (Memory leak in the inotify_init1 function in ...)
@@ -96915,7 +96915,7 @@
CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when ...)
{DSA-2141-1}
- openssl 0.9.8o-4
- NOTE: http://www.openssl.org/news/secadv_20101202.txt
+ NOTE: http://www.openssl.org/news/secadv/20101202.txt
CVE-2010-4179 (The installation documentation for Red Hat Enterprise Messaging, ...)
NOT-FOR-US: RedHat documentation of MRG
CVE-2010-4178
@@ -106782,7 +106782,7 @@
CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through ...)
- openssl 0.9.8n-1 (medium; bug #575607)
[lenny] - openssl <not-affected> (only 0.9.8m is affected with 16 bit shorts)
- NOTE: http://www.openssl.org/news/secadv_20100324.txt
+ NOTE: http://www.openssl.org/news/secadv/20100324.txt
CVE-2010-0739 (Integer overflow in the predospecial function in dospecial.c in dvips ...)
- texlive-bin 2009-6 (low; bug #560668)
[lenny] - texlive-bin 2007.dfsg.2-4+lenny3