[Secure-testing-commits] r37541 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2015-11-03 21:28:59 +0000 (Tue, 03 Nov 2015)
New Revision: 37541

Modified:
   data/CVE/list
Log:
Update information for CVE-2015-8036/polarssl

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-03 21:28:49 UTC (rev 37540)
+++ data/CVE/list	2015-11-03 21:28:59 UTC (rev 37541)
@@ -73,7 +73,12 @@
 CVE-2015-8037 (Multiple cross-site scripting (XSS) vulnerabilities in the Graphical ...)
 	TODO: check
 CVE-2015-8036 (Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x ...)
-	TODO: check
+	[experimental] - polarssl 1.3.14-0.1
+	- polarssl <unfixed>
+	[wheezy] - polarssl <not-affected> (Vulnerable code introduced later)
+	[squeeze] - polarssl <not-affected> (Vulnerable code introduced later)
+	NOTE: support for session tickets added in 1.3.0.
+	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
 CVE-2015-8034
 	RESERVED
 CVE-2014-9755