[Secure-testing-commits] r39412 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Feb 2 14:46:29 UTC 2016
Author: carnil
Date: 2016-02-02 14:46:29 +0000 (Tue, 02 Feb 2016)
New Revision: 39412
Modified:
data/CVE/list
Log:
Update one socat issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-02 14:21:00 UTC (rev 39411)
+++ data/CVE/list 2016-02-02 14:46:29 UTC (rev 39412)
@@ -3,6 +3,12 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/01/5
CVE-2016-XXXX [Socat security advisory 7 - Created new 2048bit DH modulus]
- socat <unfixed>
+ [jessie] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
+ [wheezy] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
+ [squeeze] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
+ NOTE: The issues is about "In the OpenSSL address implementation the hard coded 1024 bit DH
+ NOTE: p parameter was not prime.". Upstream has generated new parametes (and made it 2048
+ NOTE: bit long.
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/01/4
CVE-2015-XXXX [Type Confusion Vulnerability in PHP_to_XMLRPC_worker()]
- php5 5.6.17+dfsg-1
More information about the Secure-testing-commits
mailing list