[Secure-testing-commits] r57247 - in data: CVE DLA

Kurt Roeckx kroeckx at moszumanska.debian.org
Thu Nov 2 15:30:24 UTC 2017 

Author: kroeckx
Date: 2017-11-02 15:30:24 +0000 (Thu, 02 Nov 2017)
New Revision: 57247

Modified:
   data/CVE/list
   data/DLA/list
Log:
OpenSSL security issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-02 15:16:11 UTC (rev 57246)
+++ data/CVE/list	2017-11-02 15:30:24 UTC (rev 57247)
@@ -37460,18 +37460,19 @@
 CVE-2017-3737
 	RESERVED
 CVE-2017-3736 [bn_sqrx8x_internal carry bug on x86_64]
-	RESERVED
-	- openssl <unfixed>
-	- openssl1.0 <unfixed>
+	- openssl 1.1.0g-1
+	[jessie] - openssl <not-affected> (Vulnerable code not present)
+	[wheezy] - openssl <not-affected> (Vulnerable code not present)
+	- openssl1.0 1.0.2m-1
 	NOTE: https://www.openssl.org/news/secadv/20171102.txt
 	NOTE: Fix for 1.0.2: https://git.openssl.org/?p=openssl.git;a=commit;h=38d600147331d36e74174ebbd4008b63188b321b
 	NOTE: Fix for 1.1.0: https://git.openssl.org/?p=openssl.git;a=commit;h=4443cf7aa0099e5ce615c18cee249fff77fb0871
 CVE-2017-3735 (While parsing an IPAddressFamily extension in an X.509 certificate, it ...)
-	- openssl <unfixed>
+	- openssl 1.1.0g-1
 	[stretch] - openssl <postponed> (Can be fixed with the next openssl security release)
 	[jessie] - openssl <postponed> (Can be fixed with the next openssl security release)
 	[wheezy] - openssl <postponed> (Can be fixed with the next openssl security release)
-	- openssl1.0 <unfixed>
+	- openssl1.0 1.0.2m-1
 	[stretch] - openssl1.0 <postponed> (Can be fixed with the next openssl security release)
 	NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=31c8b265591a0aaa462a1f3eb5770661aaac67db
 	NOTE: Fix for 1.1.0: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=068b963bb7afc57f5bdd723de0dd15e7795d5822

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2017-11-02 15:16:11 UTC (rev 57246)
+++ data/DLA/list	2017-11-02 15:30:24 UTC (rev 57247)
@@ -1,4 +1,5 @@
 [02 Nov 2017] DLA-1157-1 openssl - security update
+	{CVE-2017-3735}
 	[wheezy] - openssl 1.0.1t-1+deb7u2
 [31 Oct 2017] DLA-1156-1 libdatetime-timezone-perl - new upstream version
 	[wheezy] - libdatetime-timezone-perl 1:1.58-1+2017c

More information about the Secure-testing-commits mailing list