[Git][security-tracker-team/security-tracker][master] Start tracking still openssl under CVE-2018-5407
Salvatore Bonaccorso
carnil at debian.org
Mon Nov 12 20:01:05 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
46303002 by Salvatore Bonaccorso at 2018-11-12T19:59:17Z
Start tracking still openssl under CVE-2018-5407
The issue itself is not an issue in software. Still OpenSSL project is
particularly affected by the issue and adds respective
mitigations/fixes.
As such start tracking for openssl and openss1.0 the fixes for inclusion
in a future DSA.
OpenSSL report: https://www.openssl.org/news/secadv/20181112.txt
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -36849,11 +36849,14 @@ CVE-2018-5408
RESERVED
CVE-2018-5407 [new side-channel vulnerability on SMT/Hyper-Threading architectures]
RESERVED
+ - openssl 1.1.1~~pre9-1
+ - openssl1.0 <unfixed>
+ NOTE: https://www.openssl.org/news/secadv/20181112.txt
+ NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=b18162a7c9bbfb57112459a4d6631fa258fd8c0c
NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/4
NOTE: https://github.com/bbbrumley/portsmash
NOTE: This is not an issue in software but in a hardware issue. Issue can be
NOTE: mitigated e.g. for OpenSSL.
- TODO: check if we want track specific software as "affected", in particular for specific source packages it might be covered by other individual CVEs
CVE-2018-5406
RESERVED
CVE-2018-5405
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/46303002d182b4f887dc03209e0abf3e94599f52
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/46303002d182b4f887dc03209e0abf3e94599f52
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181112/5b4da51c/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list