[Secure-testing-commits] r34895 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jun 11 17:36:05 UTC 2015
Author: carnil
Date: 2015-06-11 17:36:04 +0000 (Thu, 11 Jun 2015)
New Revision: 34895
Modified:
data/CVE/list
Log:
Update CVE-2015-1787
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-11 17:32:54 UTC (rev 34894)
+++ data/CVE/list 2015-06-11 17:36:04 UTC (rev 34895)
@@ -7306,7 +7306,8 @@
- openssl 1.0.2b-1
NOTE: http://openssl.org/news/secadv_20150611.txt
CVE-2015-1787 (The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL ...)
- - openssl 1.0.2a-1
+ - openssl <not-affected> (Vulnerable version newer in unstable)
+ NOTE: did affect 1.0.2 (only in experimental) and 1.0.2a was uploaded to unstable
CVE-2015-1786 [Invalid CSRF validation of null or incorrectly formatted token identifiers]
RESERVED
- zendframework <not-affected> (the vulnerability was introduced specifically in the 2.3 series)
More information about the Secure-testing-commits
mailing list