[Secure-testing-commits] r47108 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 15 17:48:23 UTC 2016
Author: carnil
Date: 2016-12-15 17:48:23 +0000 (Thu, 15 Dec 2016)
New Revision: 47108
Modified:
data/CVE/list
Log:
There is some confusion around CVE-2016-9574
The scope of the CVE is unclear. Either it is for the segfault-only
part, in which case this should have been fixed (but still to be confirmed)
somewhere before 3.26, presumably in 3.24.
If the scope is for "Using SessionTicket extension along with any
ECDHE-ECDSA ciphersuite renders selfserv unusable", then this is still
open up to 3.27 upstream.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-15 17:41:39 UTC (rev 47107)
+++ data/CVE/list 2016-12-15 17:48:23 UTC (rev 47108)
@@ -7966,7 +7966,10 @@
NOTE: The issue persists (although without segfault) up to 3.27. Using SessionTicket extension along
NOTE: with any ECDHE-ECDSA ciphersuite renders unusable any subsequent connection to selfserv.
NOTE: Proposed patch (not yet) finalized in upstream bug 1320695.
- NOTE: Scope of the CVE is not yet clear.
+ NOTE: Scope of the CVE is not yet clear. It is not clear if the CVE is for the whole mentioned
+ NOTE: issue or just for the segfault part. If it is for the segfault part we still need
+ NOTE: to pingpoint the version fixing the issue, which should be somewhere before 3.26
+ NOTE: upstream version.
CVE-2016-9573
RESERVED
- openjpeg2 <unfixed>
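Review bot: "pingpoint" in the third added NOTE line is a typo for "pinpoint". The first added line also reads "Scope of the CVE is not yet clear. It is not clear if ..." back to back; folding the two into one sentence would avoid the repetition. The log message names 3.24 as the presumed version fixing the segfault, while the added NOTE only says "somewhere before 3.26"; consider recording 3.24 in the NOTE as the unconfirmed candidate so whoever triages this next has a starting point.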