[Secure-testing-commits] r31207 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Jan 9 04:17:56 UTC 2015
Author: carnil
Date: 2015-01-09 04:17:55 +0000 (Fri, 09 Jan 2015)
New Revision: 31207
Modified:
data/CVE/list
Log:
openssl issues fixed in unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-09 04:14:45 UTC (rev 31206)
+++ data/CVE/list 2015-01-09 04:17:55 UTC (rev 31207)
@@ -2415,15 +2415,15 @@
RESERVED
CVE-2015-0206 [DTLS memory leak in dtls1_buffer_record]
RESERVED
- - openssl <unfixed>
+ - openssl 1.0.1k-1
[squeeze] - openssl <not-affected> (Affects 1.0.1 and 1.0.0)
CVE-2015-0205 [DH client certificates accepted without verification [Server]]
RESERVED
- - openssl <unfixed>
+ - openssl 1.0.1k-1
[squeeze] - openssl <not-affected> (Only affects 1.0.1 and 1.0.0)
CVE-2015-0204 [RSA silently downgrades to EXPORT_RSA [Client]]
RESERVED
- - openssl <unfixed>
+ - openssl 1.0.1k-1
CVE-2015-0203
RESERVED
CVE-2015-0202
@@ -4663,7 +4663,7 @@
RESERVED
CVE-2014-8275 [Certificate fingerprints can be modified]
RESERVED
- - openssl <unfixed>
+ - openssl 1.0.1k-1
CVE-2014-8274
RESERVED
CVE-2014-8273
@@ -15880,16 +15880,16 @@
NOT-FOR-US: oVirt Engine
CVE-2014-3572 [ECDHE silently downgrades to ECDH [Client]]
RESERVED
- - openssl <unfixed>
+ - openssl 1.0.1k-1
CVE-2014-3571 [DTLS segmentation fault in dtls1_get_record]
RESERVED
- - openssl <unfixed>
+ - openssl 1.0.1k-1
CVE-2014-3570 [Bignum squaring may produce incorrect results]
RESERVED
- - openssl <unfixed>
+ - openssl 1.0.1k-1
CVE-2014-3569 (The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j ...)
{DLA-81-1}
- - openssl <unfixed>
+ - openssl 1.0.1k-1
[wheezy] - openssl <not-affected> (Doesn't use no-ssl3 yet)
[squeeze] - openssl <not-affected> (Doesn't use no-ssl3 yet)
CVE-2014-3568 (OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j ...)
More information about the Secure-testing-commits
mailing list