[Secure-testing-commits] r38295 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Dec 15 05:28:47 UTC 2015
Author: carnil
Date: 2015-12-15 05:28:47 +0000 (Tue, 15 Dec 2015)
New Revision: 38295
Modified:
data/CVE/list
Log:
Make clear two CVEs affect mbedtls but was fixed already in version initially released in Debian
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-15 05:21:07 UTC (rev 38294)
+++ data/CVE/list 2015-12-15 05:28:47 UTC (rev 38295)
@@ -2819,6 +2819,7 @@
CVE-2015-8037 (Multiple cross-site scripting (XSS) vulnerabilities in the Graphical ...)
NOT-FOR-US: Fortinet
CVE-2015-8036 (Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x ...)
+ - mbedtls <not-affected> (Fixed before the initial release to Debian)
[experimental] - polarssl 1.3.14-0.1
- polarssl <unfixed>
[wheezy] - polarssl <not-affected> (Vulnerable code introduced later)
@@ -10186,6 +10187,7 @@
NOTE: https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch
CVE-2015-5291 (Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed ...)
{DLA-331-1}
+ - mbedtls <not-affected> (Fixed before the initial release to Debian)
[experimental] - polarssl 1.3.14-0.1
- polarssl <unfixed> (bug #801413)
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
More information about the Secure-testing-commits
mailing list