[Secure-testing-commits] r47098 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 15 12:00:57 UTC 2016
Author: carnil
Date: 2016-12-15 12:00:55 +0000 (Thu, 15 Dec 2016)
New Revision: 47098
Modified:
data/CVE/list
Log:
Update for CVE-2016-9574
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-15 09:50:55 UTC (rev 47097)
+++ data/CVE/list 2016-12-15 12:00:55 UTC (rev 47098)
@@ -7956,11 +7956,12 @@
RESERVED
- freeipa <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1395311
-CVE-2016-9574 [Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA]
+CVE-2016-9574 [Using SessionTicket extension along with any ECDHE-ECDSA ciphersuite renders selfserv unusable]
RESERVED
- nss <unfixed>
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1320695
- TODO: Currently beeing clarified which change after 3.17 and 3.21 addressed the issue
+ NOTE: The issue persists (although without segfault) up to 3.27. Using SessionTicket extension along
+ NOTE: with any ECDHE-ECDSA ciphersuite renders unusable any subsequent connection to selfserv.
CVE-2016-9573
RESERVED
- openjpeg2 <unfixed>
More information about the Secure-testing-commits
mailing list