[Secure-testing-commits] r58398 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Dec 9 19:28:39 UTC 2017


Author: carnil
Date: 2017-12-09 19:28:38 +0000 (Sat, 09 Dec 2017)
New Revision: 58398

Modified:
   data/CVE/list
Log:
Update status for CVE-2017-3737, thanks Q_

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-09 16:14:23 UTC (rev 58397)
+++ data/CVE/list	2017-12-09 19:28:38 UTC (rev 58398)
@@ -43781,13 +43781,13 @@
 	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76
 CVE-2017-3737 (OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error ...)
 	- openssl 1.1.0b-2
-	[jessie] - openssl <not-affected> (Issue introduced in 1.0.2b)
-	[wheezy] - openssl <not-affected> (Issue introduced in 1.0.2b)
 	- openssl1.0 <unfixed>
 	NOTE: Not fully correct tracking, the issue just does not affect OpenSSL 1.1.0
 	NOTE: thus mark as fixed in the firs 1.1.0 version which entered unstable.
 	NOTE: https://www.openssl.org/news/secadv/20171207.txt
 	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=898fb884b706aaeb283de4812340bb0bde8476dc
+	NOTE: From the maintainer: Versions before 1.0.2b always had the problem, in 1.0.2b
+	NOTE: it was attempted to get this fixed but the fix was incomplete.
 CVE-2017-3736 (There is a carry propagating bug in the x86_64 Montgomery squaring ...)
 	{DSA-4017-1}
 	- openssl 1.1.0g-1




More information about the Secure-testing-commits mailing list