[Secure-testing-commits] r41378 - data/CVE

Alessandro Ghedini ghedo at moszumanska.debian.org
Tue May 3 14:34:38 UTC 2016


Author: ghedo
Date: 2016-05-03 14:34:38 +0000 (Tue, 03 May 2016)
New Revision: 41378

Modified:
   data/CVE/list
Log:
Update openssl issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-05-03 14:33:03 UTC (rev 41377)
+++ data/CVE/list	2016-05-03 14:34:38 UTC (rev 41378)
@@ -6297,9 +6297,9 @@
 	RESERVED
 CVE-2016-2177
 	RESERVED
-CVE-2016-2176
+CVE-2016-2176 [EBCDIC overread]
 	RESERVED
-	- openssl <unfixed>
+	- openssl <not-affected> (Only affects EBCDIC systems)
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8ff032df3219
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
 CVE-2016-2175
@@ -6496,27 +6496,27 @@
 	{DSA-3548-1}
 	- samba 2:4.3.7+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2016-2110.html
-CVE-2016-2109
+CVE-2016-2109 [ASN.1 BIO excessive memory allocation]
 	RESERVED
 	- openssl <unfixed> (low)
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
-CVE-2016-2108
+CVE-2016-2108 [Memory corruption in the ASN.1 encoder]
 	RESERVED
 	- openssl 1.0.2c-1
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
-CVE-2016-2107
+CVE-2016-2107 [Padding oracle in AES-NI CBC MAC check]
 	RESERVED
 	- openssl <unfixed>
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
-CVE-2016-2106
+CVE-2016-2106 [EVP_EncryptUpdate overflow]
 	RESERVED
-	- openssl <unfixed>
+	- openssl <unfixed> (low)
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
-CVE-2016-2105
+CVE-2016-2105 [EVP_EncodeUpdate overflow]
 	RESERVED
-	- openssl <unfixed>
+	- openssl <unfixed> (low)
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ee1e3cac2e83abc77bcc8ff98729ca1e10fcc920
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
 CVE-2016-2104




More information about the Secure-testing-commits mailing list