The branch master has been updated via 3ce25987564d4a98da666c17dbf6feb70b4e16ed (commit) from 18c21788f12170c543d93a72f5e55febe1d9bf20 (commit)
- Log ----------------------------------------------------------------- commit 3ce25987564d4a98da666c17dbf6feb70b4e16ed Author: Mark J. Cox <m...@awe.com> Date: Wed Jan 17 14:36:16 2018 +0000 Working on conversion of the xml to Mitre JSON; there are a few issues that fail validation due to 1) missing affects (fixed) and 2) missing references. Some are still missing references as there was no security advisory and I'll link to the commits instead over time. ----------------------------------------------------------------------- Summary of changes: news/vulnerabilities.xml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index c96da20..9e022e4 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -4356,6 +4356,8 @@ large session ID in SSL3. <issue public="20020730"> <cve name="2002-0657"/> <advisory url="/news/secadv/20020730.txt"/> + <affects base="0.9.7" version="0.9.7-beta3"/> + <fixed base="0.9.7" version="0.9.7" date="20021210"/> <reported source="OpenSSL Group (A.L. Digital)"/> <description> A buffer overflow when Kerberos is enabled allowed attackers @@ -4366,6 +4368,7 @@ flaw did not affect any released version of 0.9.6 or 0.9.7 <issue public="20020730"> <cve name="2002-0659"/> + <advisory url="/news/secadv/20020730.txt"/> <affects base="0.9.6" version="0.9.6a"/> <affects base="0.9.6" version="0.9.6b"/> <affects base="0.9.6" version="0.9.6c"/> @@ -4944,7 +4947,8 @@ only when applications are compiled for debugging. <cve name="2007-5502"/> <advisory url="/news/secadv/20071129.txt"/> <reported source="Geoff Lowe"/> - + <affects base="fips-1.1" version="fips-1.1.1"/> + <fixed base="fips-1.1" version="fips-1.1.2" date="20071201"/> <description> The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates @@ -6046,6 +6050,7 @@ server could use this flaw to crash a connecting client. This issue only affect <issue public="20140214"> <cve name="2014-0076"/> + <advisory url="https://www.openssl.org/news/secadv/20140605.txt"/> <affects base="0.9.8" version="0.9.8"/> <affects base="0.9.8" version="0.9.8a"/> <affects base="0.9.8" version="0.9.8b"/> _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits