[Secure-testing-commits] r40632 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Mar 29 15:45:39 UTC 2016
Author: carnil
Date: 2016-03-29 15:45:39 +0000 (Tue, 29 Mar 2016)
New Revision: 40632
Modified:
data/CVE/list
Log:
Slightly reorder notes for CVE-2015-7575
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-29 15:38:02 UTC (rev 40631)
+++ data/CVE/list 2016-03-29 15:45:39 UTC (rev 40632)
@@ -13914,12 +13914,15 @@
[squeeze] - nss <not-affected> (only affects nss post 2012-07-26)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-150/
NOTE: Patch in SuSE Bugzilla: https://bugzilla.novell.com/attachment.cgi?id=660286
+ NOTE: NSS upstream fix is actually in 3.20.2: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes
+ NOTE: NSS patch: https://hg.mozilla.org/projects/nss/raw-rev/891676aa0d85
- openssl 1.0.1f-1
[squeeze] - openssl <not-affected> (Vulnerable code not present)
NOTE: OpenSSL fix: https://git.openssl.org/?p=openssl.git;a=commit;h=5e1ff664f95ab4c9176b3e86b5111e5777bad61a
- openjdk-8 7u95-2.6.4-1
- openjdk-7 7u95-2.6.4-1
- openjdk-6 <removed>
+ NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/1ad1d1b46fef
- gnutls28 3.3.15-1
[jessie] - gnutls28 3.3.8-6+deb8u3
- gnutls26 <removed>
@@ -13931,9 +13934,6 @@
NOTE: https://gitlab.com/gnutls/gnutls/commit/6822a37947d4e38c45b1afc0121cda35ba897182
NOTE: http://www.openwall.com/lists/oss-security/2015/05/05/8
NOTE: http://www.mitls.org/pages/attacks/SLOTH
- NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/1ad1d1b46fef
- NOTE: NSS upstream fix is actually in 3.20.2: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes
- NOTE: NSS patch: https://hg.mozilla.org/projects/nss/raw-rev/891676aa0d85
TODO: check other possible affected libraries (PolarSSL/mbedTLS, ...)
CVE-2015-7574
RESERVED
More information about the Secure-testing-commits
mailing list