[Secure-testing-commits] r58343 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Dec 7 21:23:37 UTC 2017
Author: jmm
Date: 2017-12-07 21:23:37 +0000 (Thu, 07 Dec 2017)
New Revision: 58343
Modified:
data/CVE/list
Log:
openssl triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-07 21:19:45 UTC (rev 58342)
+++ data/CVE/list 2017-12-07 21:23:37 UTC (rev 58343)
@@ -43621,8 +43621,11 @@
CVE-2017-3739
RESERVED
CVE-2017-3738 (There is an overflow bug in the AVX2 Montgomery multiplication ...)
- - openssl <unfixed>
- - openssl1.0 <unfixed>
+ - openssl <unfixed> (low)
+ [stretch] - openssl <postponed> (Can be fixed with next OpenSSL advisory round)
+ [jessie] - openssl <not-affected> (Vulnerable code not present)
+ [wheezy] - openssl <not-affected> (Vulnerable code not present)
+ - openssl1.0 <unfixed> (low)
NOTE: https://www.openssl.org/news/secadv/20171207.txt
NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=e502cc86df9dafded1694fceb3228ee34d11c11a
NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76
More information about the Secure-testing-commits
mailing list