[Secure-testing-commits] r47904 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Jan 11 13:44:11 UTC 2017
Author: carnil
Date: 2017-01-11 13:44:11 +0000 (Wed, 11 Jan 2017)
New Revision: 47904
Modified:
data/CVE/list
Log:
Add no-dsa for CVE-2016-7056 for openssl in jessie
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-11 13:38:09 UTC (rev 47903)
+++ data/CVE/list 2017-01-11 13:44:11 UTC (rev 47904)
@@ -20187,6 +20187,7 @@
CVE-2016-7056 [ECDSA P-256 timing attack key recovery]
RESERVED
- openssl 1.0.2a-1
+ [jessie] - openssl <no-dsa> (Can be fixed along with the next round of openssl vulnerabilities)
- openssl1.0 <not-affected> (Fixed before initial upload to Debian)
NOTE: https://eprint.iacr.org/2016/1195.pdf
NOTE: Fixed by: https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008 (OpenSSL_1_0_2-beta3)
More information about the Secure-testing-commits
mailing list