[Secure-testing-commits] r43744 - data/CVE
Alessandro Ghedini
ghedo at moszumanska.debian.org
Wed Aug 3 12:34:13 UTC 2016
Author: ghedo
Date: 2016-08-03 12:34:13 +0000 (Wed, 03 Aug 2016)
New Revision: 43744
Modified:
data/CVE/list
Log:
Add fixed versions for curl issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-03 12:27:47 UTC (rev 43743)
+++ data/CVE/list 2016-08-03 12:34:13 UTC (rev 43744)
@@ -3318,21 +3318,21 @@
RESERVED
CVE-2016-5422
RESERVED
-CVE-2016-5421
+CVE-2016-5421 [TLS session resumption client cert bypass]
RESERVED
- - curl <unfixed>
+ - curl 7.50.1-1
[wheezy] - curl <not-affected> (introduced in 7.32.0)
NOTE: https://curl.haxx.se/docs/adv_20160803C.html
NOTE: Fixed by https://curl.haxx.se/CVE-2016-5421.patch
-CVE-2016-5420
+CVE-2016-5420 [Re-using connection with wrong client cert]
RESERVED
- - curl <unfixed>
+ - curl 7.50.1-1
NOTE: https://curl.haxx.se/docs/adv_20160803B.html
NOTE: Fixed by https://curl.haxx.se/CVE-2016-5420.patch
NOTE: Wheezy: vulnerable code is in lib/sslgen.c
-CVE-2016-5419
+CVE-2016-5419 [TLS session resumption client cert bypass]
RESERVED
- - curl <unfixed>
+ - curl 7.50.1-1
NOTE: https://curl.haxx.se/docs/adv_20160803A.html
NOTE: Fixed by https://curl.haxx.se/CVE-2016-5419.patch
NOTE: Wheezy: vulnerable code is in lib/sslgen.c
More information about the Secure-testing-commits
mailing list