[Secure-testing-commits] r58697 - in data: . CVE

Emilio Pozuelo Monfort pochu at moszumanska.debian.org
Tue Dec 19 20:11:21 UTC 2017


Author: pochu
Date: 2017-12-19 20:11:21 +0000 (Tue, 19 Dec 2017)
New Revision: 58697

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
CVE-2017-3737/openssl postponed in wheezy

A buggy application that uses openssl in a special, incorrect way is needed
to exploit this.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-19 19:05:19 UTC (rev 58696)
+++ data/CVE/list	2017-12-19 20:11:21 UTC (rev 58697)
@@ -49166,6 +49166,7 @@
 	{DSA-4065-1}
 	- openssl 1.1.0b-2
 	[jessie] - openssl <postponed> (Can be fixed with next OpenSSL advisory round)
+	[wheezy] - openssl <postponed> (Can be fixed with next OpenSSL advisory round)
 	- openssl1.0 1.0.2n-1
 	NOTE: Not fully correct tracking, the issue just does not affect OpenSSL 1.1.0
 	NOTE: thus mark as fixed in the first 1.1.0 version which entered unstable.

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-12-19 19:05:19 UTC (rev 58696)
+++ data/dla-needed.txt	2017-12-19 20:11:21 UTC (rev 58697)
@@ -75,8 +75,6 @@
 --
 openafs (Thorsten Alteholz)
 --
-openssl (Kurt Roeckx)
---
 otrs2 (Emilio Pozuelo)
 --
 python2.6




More information about the Secure-testing-commits mailing list