[Secure-testing-commits] r44827 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Sep 22 19:26:33 UTC 2016
Author: carnil
Date: 2016-09-22 19:26:33 +0000 (Thu, 22 Sep 2016)
New Revision: 44827
Modified:
data/CVE/list
Log:
Document fixes for openssl upload to unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-22 19:11:18 UTC (rev 44826)
+++ data/CVE/list 2016-09-22 19:26:33 UTC (rev 44827)
@@ -5764,7 +5764,7 @@
NOTE: https://www.openssl.org/news/secadv/20160922.txt
CVE-2016-6306
RESERVED
- - openssl <unfixed>
+ - openssl 1.0.2i-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=ff553f837172ecb2b5c8eca257ec3c5619a4b299
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.0.2i, 1.0.1u
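Review bot: the CVE-2016-6306 entry is still a bare RESERVED header with no description, so the new `- openssl 1.0.2i-1` line is the only text saying what the entry tracks. Consider adding a short bracketed summary after the CVE id, in the same form CVE-2016-6304 uses (`[OCSP Status Request extension unbounded memory growth]`), taken from the advisory linked in the NOTE lines, so the entry is readable until the official description is published.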
@@ -5776,18 +5776,16 @@
CVE-2016-6304 [OCSP Status Request extension unbounded memory growth]
RESERVED
[experimental] - openssl 1.1.0a-1
- - openssl <unfixed>
+ - openssl 1.0.2i-1
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.1.0a, 1.0.2i, 1.0.1u
CVE-2016-6303 (Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c ...)
- [experimental] - openssl 1.1.0-1
- - openssl <unfixed>
+ - openssl 1.0.2i-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-6302 (The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before ...)
- [experimental] - openssl 1.1.0-1
- - openssl <unfixed>
+ - openssl 1.0.2i-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.0.2i, 1.0.1u
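Review bot: the two `[experimental] - openssl 1.1.0-1` lines under CVE-2016-6303 and CVE-2016-6302 are dropped here, but the log message only says "Document fixes for openssl upload to unstable" and does not mention the removal. CVE-2016-6304 keeps its `[experimental] - openssl 1.1.0a-1` line, and its note lists 1.1.0a among the fixed versions while the other two list only 1.0.2i and 1.0.1u. If that difference is why the annotation stays in one entry and goes in the others, say so in the log so the asymmetry does not look like an oversight.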
@@ -19339,32 +19337,32 @@
NOTE: Python issue: https://bugs.python.org/issue27850
TODO: not clear if this should be assigned to individual source, like openssl and nss (openpvn got a own CVE)
CVE-2016-2182 (The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 ...)
- - openssl <unfixed>
+ - openssl 1.0.2i-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2181 (The Anti-Replay feature in the DTLS implementation in OpenSSL before ...)
- - openssl <unfixed>
+ - openssl 1.0.2i-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=1fb9fdc3027b27d8eb6a1e6a846435b070980770
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2180 (The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 ...)
- - openssl <unfixed>
+ - openssl 1.0.2i-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=0ed26acce328ec16a3aa635f1ca37365e8c7403a
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2179 (The DTLS implementation in OpenSSL before 1.1.0 does not properly ...)
- - openssl <unfixed>
+ - openssl 1.0.2i-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2178 (The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL ...)
- - openssl <unfixed> (low)
+ - openssl 1.0.2i-1 (low)
NOTE: Fixed in master branch in https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2177 (OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for ...)
- - openssl <unfixed> (low)
+ - openssl 1.0.2i-1 (low)
NOTE: Fixed in 1.0.2 branch in https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7
NOTE: https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
NOTE: https://www.openssl.org/news/secadv/20160922.txt
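Review bot: in the CVE-2016-2177 entry at the end of this hunk, the visible notes stop at the secadv link, whereas each of the five entries above it (CVE-2016-2182 through CVE-2016-2178) ends with `NOTE: Fixed in 1.0.2i, 1.0.1u`. The diff context ends at that point, so the line may simply be out of view. If it is missing from the file, add it so the fixed upstream versions are recorded the same way for every CVE covered by this upload.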