[Secure-testing-commits] r31198 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jan 8 17:21:42 UTC 2015
Author: carnil
Date: 2015-01-08 17:21:42 +0000 (Thu, 08 Jan 2015)
New Revision: 31198
Modified:
data/CVE/list
Log:
Add new openssl issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-08 14:59:28 UTC (rev 31197)
+++ data/CVE/list 2015-01-08 17:21:42 UTC (rev 31198)
@@ -2413,12 +2413,17 @@
RESERVED
CVE-2015-0207
RESERVED
-CVE-2015-0206
+CVE-2015-0206 [DTLS memory leak in dtls1_buffer_record]
RESERVED
-CVE-2015-0205
+ - openssl <unfixed>
+ [squeeze] - openssl <not-affected> (Affects 1.0.1 and 1.0.0)
+CVE-2015-0205 [DH client certificates accepted without verification [Server]]
RESERVED
-CVE-2015-0204
+ - openssl <unfixed>
+ [squeeze] - openssl <not-affected> (Only affects 1.0.1 and 1.0.0)
+CVE-2015-0204 [RSA silently downgrades to EXPORT_RSA [Client]]
RESERVED
+ - openssl <unfixed>
CVE-2015-0203
RESERVED
CVE-2015-0202
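Review bot: The two [squeeze] annotations in this hunk word the same fact differently: CVE-2015-0206 has "(Affects 1.0.1 and 1.0.0)" and CVE-2015-0205 has "(Only affects 1.0.1 and 1.0.0)". Use the "Only affects" form on both so the reason for <not-affected> reads the same. CVE-2015-0204 gets no [squeeze] line at all; if that is deliberate because squeeze is affected, it is fine as is, otherwise it needs the same annotation.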
@@ -4656,8 +4661,9 @@
RESERVED
CVE-2014-8276
RESERVED
-CVE-2014-8275
+CVE-2014-8275 [Certificate fingerprints can be modified]
RESERVED
+ - openssl <unfixed>
CVE-2014-8274
RESERVED
CVE-2014-8273
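Review bot: The CVE-2014-8275 entry gets a bracketed description and "- openssl <unfixed>" but no NOTE line recording where the description came from. Other entries in this file carry a "NOTE: <url>" reference. Adding one that points to the upstream advisory would let the next person triaging this entry confirm the affected versions without searching for it.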
@@ -15869,12 +15875,15 @@
NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=54764
CVE-2014-3573 (The oVirt Engine backend module, as used in Red Hat Enterprise ...)
NOT-FOR-US: oVirt Engine
-CVE-2014-3572
+CVE-2014-3572 [ECDHE silently downgrades to ECDH [Client]]
RESERVED
-CVE-2014-3571
+ - openssl <unfixed>
+CVE-2014-3571 [DTLS segmentation fault in dtls1_get_record]
RESERVED
-CVE-2014-3570
+ - openssl <unfixed>
+CVE-2014-3570 [Bignum squaring may produce incorrect results]
RESERVED
+ - openssl <unfixed>
CVE-2014-3569 (The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j ...)
{DLA-81-1}
- openssl <unfixed>
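Review bot: The description added for CVE-2014-3572, "[ECDHE silently downgrades to ECDH [Client]]", nests square brackets inside the bracketed temporary description, as do the CVE-2015-0204 and CVE-2015-0205 entries earlier in the patch. Anything that reads the description up to the first "]" would truncate it, so writing the qualifier as "(Client)" or "(Server)" is safer. The three new entries in this hunk are also marked <unfixed> with no [squeeze] annotation, unlike the DTLS and DH entries in the first hunk, so confirm that squeeze is affected by each of them.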