[Secure-testing-commits] r58572 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 14 13:27:40 UTC 2017
Author: carnil
Date: 2017-12-14 13:27:40 +0000 (Thu, 14 Dec 2017)
New Revision: 58572
Modified:
data/CVE/list
Log:
Two openssl1.0 issues fixed in unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-14 11:28:04 UTC (rev 58571)
+++ data/CVE/list 2017-12-14 13:27:40 UTC (rev 58572)
@@ -46490,14 +46490,14 @@
[stretch] - openssl <postponed> (Can be fixed with next OpenSSL advisory round)
[jessie] - openssl <not-affected> (Vulnerable code not present)
[wheezy] - openssl <not-affected> (Vulnerable code not present)
- - openssl1.0 <unfixed> (low)
+ - openssl1.0 1.0.2n-1 (low)
NOTE: https://www.openssl.org/news/secadv/20171207.txt
NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=e502cc86df9dafded1694fceb3228ee34d11c11a
NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76
CVE-2017-3737 (OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error ...)
- openssl 1.1.0b-2
[jessie] - openssl <postponed> (Can be fixed with next OpenSSL advisory round)
- - openssl1.0 <unfixed>
+ - openssl1.0 1.0.2n-1
NOTE: Not fully correct tracking, the issue just does not affect OpenSSL 1.1.0
NOTE: thus mark as fixed in the firs 1.1.0 version which entered unstable.
NOTE: https://www.openssl.org/news/secadv/20171207.txt
More information about the Secure-testing-commits
mailing list