[Git][security-tracker-team/security-tracker][master] Add hardening commit reference for CVE-2019-1559 and OpenSSL_1_1_0-stable branch

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1117e724 by Salvatore Bonaccorso at 2019-02-26T16:33:05Z
Add hardening commit reference for CVE-2019-1559 and OpenSSL_1_1_0-stable branch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19883,6 +19883,10 @@ CVE-2019-1559 [0-byte record padding oracle]
 	- openssl1.0 <unfixed>
 	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
 	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=48c8bcf5bca0ce7751f49599381e143de1b61786
+	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=5741d5bb74797e4532acc9f42e54c44a2726c179 (only hardening)
+	NOTE: 1.1.0 is not impacted by CVE-2019-1559. The CVE is a result of applications
+	NOTE: calling SSL_shutdown after a fatal alert has occurred. 1.1.0 is not vulnerable
+	NOTE: to this issue.
 	NOTE: https://www.openssl.org/news/secadv/20190226.txt
 CVE-2019-1558
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1117e72456a0e7a8b89910aa03134bae8d8a8886

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1117e72456a0e7a8b89910aa03134bae8d8a8886
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190226/f03552ca/attachment.html>