[Git][security-tracker-team/security-tracker][master] Add CVE-2018-0734/openssl
Salvatore Bonaccorso
carnil at debian.org
Tue Oct 30 07:47:36 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d1c6c695 by Salvatore Bonaccorso at 2018-10-30T07:47:14Z
Add CVE-2018-0734/openssl
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -49844,8 +49844,16 @@ CVE-2018-0735 (The OpenSSL ECDSA signature algorithm has been shown to be vulner
NOTE: https://www.openssl.org/news/secadv/20181029.txt
NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=56fb454d281a023b3f950d969693553d3f3ceea1
-CVE-2018-0734
+CVE-2018-0734 [Timing vulnerability in DSA signature generation]
RESERVED
+ - openssl <unfixed>
+ [stretch] - openssl <postponed> (Wait for next DSA and upstream release)
+ - openssl1.0 <unfixed>
+ [stretch] - openssl1.0 <postponed> (Wait for next DSA and upstream release)
+ NOTE: https://www.openssl.org/news/secadv/20181030.txt
+ NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
+ NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7
+ NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=43e6a58d4991a451daf4891ff05a48735df871ac
CVE-2018-0733 (Because of an implementation bug the PA-RISC CRYPTO_memcmp function is ...)
- openssl 1.1.0h-1 (unimportant)
[stretch] - openssl 1.1.0f-3+deb9u2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d1c6c69568d952b3c214873895b665b80a2f65ed
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d1c6c69568d952b3c214873895b665b80a2f65ed
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181030/99292bc4/attachment.html>
More information about the debian-security-tracker-commits
mailing list