[Secure-testing-commits] r34892 - data/CVE
Kurt Roeckx
kroeckx at moszumanska.debian.org
Thu Jun 11 17:27:52 UTC 2015
Author: kroeckx
Date: 2015-06-11 17:27:52 +0000 (Thu, 11 Jun 2015)
New Revision: 34892
Modified:
data/CVE/list
Log:
Update OpenSSL issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-11 17:25:53 UTC (rev 34891)
+++ data/CVE/list 2015-06-11 17:27:52 UTC (rev 34892)
@@ -1180,6 +1180,7 @@
NOTE: https://lkml.org/lkml/2015/5/13/744
NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ...)
+ - openssl 1.0.2b-1
NOTE: CVE assigned specific to vulnerability in the TLS protocol that was
NOTE: disclosed in section 3.2 of the
NOTE: https://weakdh.org/imperfect-forward-secrecy.pdf paper.
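Review bot: The new `- openssl 1.0.2b-1` line under CVE-2015-4000 records a fixed version without saying what changed in that upload, while the NOTE lines that follow describe the CVE as specific to a vulnerability in the TLS protocol itself. A short NOTE stating which OpenSSL-side change is being counted as the fix would help. The advisory URL used for the other entries in this commit, http://openssl.org/news/secadv_20150611.txt, could be cited if it covers this issue. Without it, a reader cannot tell from the entry whether 1.0.2b-1 resolves the issue for the package or only mitigates it.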
@@ -7283,28 +7284,28 @@
RESERVED
CVE-2015-1792 [CMS verify infinite loop with unknown hash function]
RESERVED
- - openssl <unfixed>
+ - openssl 1.0.2b-1
NOTE: http://openssl.org/news/secadv_20150611.txt
CVE-2015-1791 [race condition in NewSessionTicket]
RESERVED
- - openssl <unfixed>
+ - openssl 1.0.2b-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=dcad51bc13c9b716d9a66248bcc4038c071ff158
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=708cf593587e2fda67dae9782991ff9fccc781eb
CVE-2015-1790 [PKCS7 crash with missing EnvelopedContent]
RESERVED
- - openssl <unfixed>
+ - openssl 1.0.2b-1
NOTE: http://openssl.org/news/secadv_20150611.txt
CVE-2015-1789 [Exploitable out-of-bounds read in X509_cmp_time]
RESERVED
- - openssl <unfixed>
+ - openssl 1.0.2b-1
NOTE: http://openssl.org/news/secadv_20150611.txt
CVE-2015-1788 [Malformed ECParameters causes infinite loop]
RESERVED
- - openssl <unfixed>
+ - openssl 1.0.2b-1
NOTE: http://openssl.org/news/secadv_20150611.txt
CVE-2015-1787 (The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL ...)
- - openssl <not-affected> (Only affects 1.0.2, only in experimental)
+ - openssl 1.0.2a-1
CVE-2015-1786 [Invalid CSRF validation of null or incorrectly formatted token identifiers]
RESERVED
- zendframework <not-affected> (the vulnerability was introduced specifically in the 2.3 series)
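Review bot: The CVE-2015-1787 entry changes from `<not-affected> (Only affects 1.0.2, only in experimental)` to a plain fixed version `1.0.2a-1`, which drops the only explanation of why other suites were never exposed. Keeping that rationale as a NOTE line (for example, that only 1.0.2 is affected and it was only in experimental) would preserve it. Separately, CVE-2015-1791 is the one entry here that lists three git.openssl.org commit links but not the secadv_20150611.txt advisory that its siblings cite. If the same advisory covers it, adding that NOTE would keep the group consistent.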
@@ -16797,7 +16798,7 @@
RESERVED
CVE-2014-8176 [Invalid free in DTLS]
RESERVED
- - openssl <unfixed>
+ - openssl 1.0.2-1
NOTE: http://openssl.org/news/secadv_20150611.txt
CVE-2014-8175
RESERVED
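Review bot: CVE-2014-8176 is marked fixed in `1.0.2-1`, while the other entries in this commit that cite the same secadv_20150611.txt advisory are marked fixed in `1.0.2b-1`. If the earlier version is intentional, a NOTE saying that the fix was already present in the 1.0.2 upload would make that clear. As written, the difference could be read as a typo by anyone comparing the entries side by side.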