[Secure-testing-commits] r34379 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu May 21 08:02:19 UTC 2015


Author: jmm
Date: 2015-05-21 08:02:19 +0000 (Thu, 21 May 2015)
New Revision: 34379

Modified:
   data/CVE/list
Log:
realmd no-dsa
add some links for weakdh


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-21 07:17:10 UTC (rev 34378)
+++ data/CVE/list	2015-05-21 08:02:19 UTC (rev 34379)
@@ -101,6 +101,10 @@
 	NOTE: CVE assigned specific to vulnerability in the TLS protocol that was
 	NOTE: disclosed in section 3.2 of the
 	NOTE: https://weakdh.org/imperfect-forward-secrecy.pdf paper.
+	NOTE: Some links on the status of various implementations/protocols:
+	NOTE: IKE/IPSEC: https://nohats.ca/wordpress/blog/2015/05/20/weakdh-and-ike-ipsec/
+	NOTE: OpenSSL: https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
+        NOTE: GNUTLS: http://lists.gnutls.org/pipermail/gnutls-devel/2015-May/007597.html
 CVE-2015-3999
 	RESERVED
 CVE-2015-3998
@@ -3520,6 +3524,7 @@
 	RESERVED
 CVE-2015-2704 (realmd allows remote attackers to inject arbitrary configurations in ...)
 	- realmd 0.16.0-1 (bug #781179)
+	[jessie] - realmd <no-dsa> (Minor issue)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=89207
 CVE-2015-2776 (The parse_SST function in FreeXL before 1.0.0i allows remote attackers ...)
 	{DSA-3208-1}




More information about the Secure-testing-commits mailing list