[Secure-testing-commits] r49942 - in data: . CVE
Ola Lundqvist
opal at moszumanska.debian.org
Wed Mar 22 20:19:23 UTC 2017
Author: opal
Date: 2017-03-22 20:19:23 +0000 (Wed, 22 Mar 2017)
New Revision: 49942
Modified:
data/CVE/list
data/dla-needed.txt
Log:
More information about polarssl vulnerability.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-22 20:06:58 UTC (rev 49941)
+++ data/CVE/list 2017-03-22 20:19:23 UTC (rev 49942)
@@ -12274,7 +12274,9 @@
RESERVED
- mbedtls 2.4.2-1 (bug #857560)
- polarssl <removed> (bug #857561)
+ [wheezy] - polarssl <not-affected> (Vulnerable code not present)
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01
+ NOTE: Wheezy do not have any elliptic curve functionality. Jessie is affected however.
CVE-2017-2783
RESERVED
CVE-2017-2782
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-03-22 20:06:58 UTC (rev 49941)
+++ data/dla-needed.txt 2017-03-22 20:19:23 UTC (rev 49942)
@@ -116,8 +116,6 @@
NOTE: backported patch available, but maybe wait for more issues?
NOTE: -- 2017-02-20 Antoine Beaupre
--
-polarssl
---
potrace (Hugo Lefeuvre)
NOTE: Try to reproduce CVE-2016-8685/cherry pick the patch from Stretch.
NOTE: Upstream is not going to fix CVE-2016-8686 since it believes it is not
More information about the Secure-testing-commits
mailing list