[Secure-testing-commits] r58329 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 7 14:34:28 UTC 2017
Author: carnil
Date: 2017-12-07 14:34:28 +0000 (Thu, 07 Dec 2017)
New Revision: 58329
Modified:
data/CVE/list
Log:
Add CVE-2017-3737
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-07 14:23:01 UTC (rev 58328)
+++ data/CVE/list 2017-12-07 14:34:28 UTC (rev 58329)
@@ -43464,8 +43464,15 @@
RESERVED
CVE-2017-3738
RESERVED
-CVE-2017-3737
+CVE-2017-3737 [Read/write after SSL object in error state]
RESERVED
+ - openssl 1.1.0b-2
+ [jessie] - openssl <not-affected> (Issue introduced in 1.0.2b)
+ [wheezy] - openssl <not-affected> (Issue introduced in 1.0.2b)
+ - openssl1.0 <unfixed>
+ NOTE: Not fully correct tracking, the issue just does not affect OpenSSL 1.1.0
+ NOTE: thus mark as fixed in the firs 1.1.0 version which entered unstable.
+ NOTE: https://www.openssl.org/news/secadv/20171207.txt
CVE-2017-3736 (There is a carry propagating bug in the x86_64 Montgomery squaring ...)
{DSA-4017-1}
- openssl 1.1.0g-1
More information about the Secure-testing-commits
mailing list