[Secure-testing-commits] r34030 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat May 2 15:06:14 UTC 2015
Author: carnil
Date: 2015-05-02 15:06:14 +0000 (Sat, 02 May 2015)
New Revision: 34030
Modified:
data/CVE/list
Log:
Remove openjdk-6 entry in CVE-2015-0204
This CVE has specifically as scope only client code based on OpenSSL,
not EXPORT_RSA issues associated with servers or other TLS
implementations. This CVE seems wrongly used as well for Java in
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-02 14:55:29 UTC (rev 34029)
+++ data/CVE/list 2015-05-02 15:06:14 UTC (rev 34030)
@@ -11383,7 +11383,6 @@
CVE-2015-0204 (The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before ...)
{DSA-3125-1 DLA-132-1}
- openssl 1.0.1k-1
- - openjdk-6 <unfixed>
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=37580f43b5a39f5f4e920d17273fab9713d3a744
CVE-2015-0203
RESERVED
More information about the Secure-testing-commits
mailing list