[Git][security-tracker-team/security-tracker][master] openssl1.0 DSA

Wed Dec 19 22:26:41 GMT 2018

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1420cb8 by Moritz Muehlenhoff at 2018-12-19T22:26:18Z
openssl1.0 DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -60785,7 +60785,6 @@ CVE-2018-0737 (The OpenSSL RSA Key generation algorithm has been shown to be ...
 	- openssl 1.1.0h-3 (low; bug #895844)
 	[wheezy] - openssl <postponed> (Can wait for next update)
 	- openssl1.0 1.0.2q-1 (low; bug #895845)
-	[stretch] - openssl1.0 <postponed> (Can wait for next DSA and upstream release)
 	NOTE: https://www.openssl.org/news/secadv/20180416.txt
 	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
 	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f
@@ -60804,7 +60803,6 @@ CVE-2018-0734 (The OpenSSL DSA signature algorithm has been shown to be vulnerab
 	- openssl 1.1.1a-1
 	[jessie] - openssl <postponed> (vulnerable code not present, but see note below)
 	- openssl1.0 1.0.2q-1
-	[stretch] - openssl1.0 <postponed> (Wait for next DSA and upstream release)
 	NOTE: https://www.openssl.org/news/secadv/20181030.txt
 	NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
 	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7
@@ -60826,7 +60824,6 @@ CVE-2018-0732 (During key agreement in a TLS handshake using a DH(E) based ...)
 	{DSA-4348-1 DLA-1449-1}
 	- openssl 1.1.1-1 (low)
 	- openssl1.0 1.0.2q-1 (low)
-	[stretch] - openssl1.0 <postponed> (Minor issue, can be fixed along with next OpenSSL security release)
 	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4
 	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=3984ef0b72831da8b3ece4745cac4f8575b19098
 	NOTE: https://www.openssl.org/news/secadv/20180612.txt


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[19 Dec 2018] DSA-4355-1 openssl1.0 - security update
+	{CVE-2018-0732 CVE-2018-0734 CVE-2018-0737 CVE-2018-5407}
+	[stretch] - openssl1.0 1.0.2q-1~deb9u1
 [12 Dec 2018] DSA-4354-1 firefox-esr - security update
 	{CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498}
 	[stretch] - firefox-esr 60.4.0esr-1~deb9u1


=====================================
data/dsa-needed.txt
=====================================
@@ -44,8 +44,6 @@ mercurial
 --
 openjpeg2 (luciano)
 --
-openssl1.0 (jmm)
---
 passenger
 --
 simplesamlphp



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1420cb837ca1ab05933bee180ff7ce317f29506

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1420cb837ca1ab05933bee180ff7ce317f29506
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181219/6e457089/attachment.html>
