[Secure-testing-commits] r48447 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2017-01-27 10:59:53 +0000 (Fri, 27 Jan 2017)
New Revision: 48447

Modified:
   data/CVE/list
Log:
openssl updates


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-27 10:13:50 UTC (rev 48446)
+++ data/CVE/list	2017-01-27 10:59:53 UTC (rev 48447)
@@ -4692,6 +4692,9 @@
 	- openssl 1.1.0d-1
 	- openssl1.0 1.0.2k-1
 	NOTE: https://www.openssl.org/news/secadv/20170126.txt
+	NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51d009043670a627d6abe66894126851cf3690e9
+	NOTE: Fix for 1.1.0: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f3a7e57c92b2c9b87dc4b2997f2ebda6781300d0
+	NOTE:            and https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=00d965474b22b54e4275232bc71ee0c699c5cd21
 CVE-2017-3730
 	RESERVED
 	- openssl 1.1.0d-1
@@ -16683,7 +16686,6 @@
 CVE-2016-8610 [SSL/TLS SSL3_AL_WARNING undefined alert DoS]
 	RESERVED
 	- openssl 1.0.2j-1
-	[jessie] - openssl <no-dsa> (Can be fixed along with the next round of openssl vulnerabilities)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/3
 	NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384743 mentions countermeasures in gnutls
@@ -21680,7 +21682,6 @@
 CVE-2016-7056 [ECDSA P-256 timing attack key recovery]
 	RESERVED
 	- openssl 1.0.2a-1
-	[jessie] - openssl <no-dsa> (Can be fixed along with the next round of openssl vulnerabilities)
 	- openssl1.0 <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://eprint.iacr.org/2016/1195.pdf
 	NOTE: Fixed by: https://git.openssl.org/?p=openssl.git;a=commit;h=f54be179aa4cbbd944728771d7d59ed588158a12