The branch master has been updated via f7d3fb4dbadf9235d05d806b974b21b5a8f96487 (commit) from d3f697fb1c07f977e377ce636d80be5c59c3dce4 (commit)
- Log ----------------------------------------------------------------- commit f7d3fb4dbadf9235d05d806b974b21b5a8f96487 Author: Mark J. Cox <m...@awe.com> Date: Tue Jan 30 12:59:33 2018 +0000 start adding some git commit links for 1.0.2 vulns (where 1.1.0 doesn't have a link or is a very different patch, for now) ----------------------------------------------------------------------- Summary of changes: news/vulnerabilities.xml | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index ffc2c90..80786e1 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -23,7 +23,9 @@ <affects base="1.0.2" version="1.0.2k"/> <affects base="1.0.2" version="1.0.2l"/> <affects base="1.0.2" version="1.0.2m"/> - <fixed base="1.0.2" version="1.0.2n" date="20171207"/> + <fixed base="1.0.2" version="1.0.2n" date="20171207"> + <git hash="898fb884b706aaeb283de4812340bb0bde8476dc"/> + </fixed> <problemtype>Unauthenticated read/unencrypted write</problemtype> <title>Read/write after SSL object in error state</title> <description> @@ -231,7 +233,9 @@ <fixed base="1.1.0" version="1.1.0d" date="20170126"> <git hash="00d965474b22b54e4275232bc71ee0c699c5cd21"/> </fixed> - <fixed base="1.0.2" version="1.0.2k" date="20170126"/> + <fixed base="1.0.2" version="1.0.2k" date="20170126"> + <git hash="8e20499629b6bcf868d0072c7011e590b5c2294d"/> + </fixed> <problemtype>out-of-bounds read</problemtype> <title>Truncated packet could crash via OOB read</title> <description> 
@@ -422,8 +426,9 @@ <impact severity="Moderate"/> <cve name="2016-7052"/> <affects base="1.0.2" version="1.0.2i"/> - <fixed base="1.0.2" version="1.0.2j" date="20160926"/> - + <fixed base="1.0.2" version="1.0.2j" date="20160926"> + <git hash="8b7c51a0e4a03895a657cf2eb8d5c2aa1ca3586f"/> + </fixed> <problemtype>NULL pointer exception</problemtype> <description> This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016. @@ -541,7 +546,9 @@ <affects base="1.0.2" version="1.0.2g"/> <affects base="1.0.2" version="1.0.2h"/> <fixed base="1.0.1" version="1.0.1u" date="20160922"/> - <fixed base="1.0.2" version="1.0.2i" date="20160922"/> + <fixed base="1.0.2" version="1.0.2i" date="20160922"> + <git hash="1027ad4f34c30b8585592764b9a670ba36888269"/> + </fixed> <description> An overflow can occur in MDC2_Update() either if called directly or @@ -832,7 +839,9 @@ <affects base="1.0.2" version="1.0.2g"/> <affects base="1.0.2" version="1.0.2h"/> <fixed base="1.0.1" version="1.0.1u" date="20160922"/> - <fixed base="1.0.2" version="1.0.2i" date="20160922"/> + <fixed base="1.0.2" version="1.0.2i" date="20160922"> + <git hash="26f2c5774f117aea588e8f31fad38bcf14e83bec"/> + </fixed> <description> In a DTLS connection where handshake messages are delivered out-of-order those @@ -931,7 +940,9 @@ <affects base="1.0.2" version="1.0.2g"/> <affects base="1.0.2" version="1.0.2h"/> <fixed base="1.0.1" version="1.0.1u" date="20160922"/> - <fixed base="1.0.2" version="1.0.2i" date="20160922"/> + <fixed base="1.0.2" version="1.0.2i" date="20160922"> + <git hash="006a788c84e541c8920dd2ad85fb62b52185c519"/> + </fixed> <description> In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical 
@@ -1124,7 +1135,9 @@ <affects base="1.0.2" version="1.0.2f"/> <affects base="1.0.2" version="1.0.2g"/> <fixed base="1.0.1" version="1.0.1t" date="20160503"/> - <fixed base="1.0.2" version="1.0.2h" date="20160503"/> + <fixed base="1.0.2" version="1.0.2h" date="20160503"> + <git hash="68595c0c2886e7942a14f98c17a55a88afb6c292"/> + </fixed> <description> A MITM attacker can use a padding oracle attack to decrypt traffic
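Review bot: In the @@ -422,8 +426,9 @@ hunk (CVE 2016-7052) the context runs from `<problemtype>NULL pointer exception</problemtype>` straight into `<description>` with no `<title>` element between them, while the entries in the @@ -23,7 +23,9 @@ and @@ -231,7 +233,9 @@ hunks both carry a `<title>` right after `<problemtype>`. If the title is missing from this entry rather than placed elsewhere in it, add one while the entry is being touched. The same hunk also deletes the blank line that followed the old `<fixed>` element; that whitespace change is unrelated to adding the hash and would be cleaner left out or mentioned in the commit message.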
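Review bot: In the hunks at @@ -541,7 +546,9 @@, @@ -832,7 +839,9 @@, @@ -931,7 +940,9 @@ and @@ -1124,7 +1135,9 @@, the `<fixed base="1.0.1" ...>` element on the line directly above each changed line stays self-closing with no `<git hash>` child, so each of these entries now links the fix for one branch and not the other. The commit message explains why 1.1.0 links are skipped but says nothing about 1.0.1; either add the 1.0.1 hashes in a follow-up or extend the message to say they are deferred.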
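Review bot: In the @@ -231,7 +233,9 @@ hunk the new 1.0.2k hash `8e20499629b6bcf868d0072c7011e590b5c2294d` sits beside the existing 1.1.0d hash `00d965474b22b54e4275232bc71ee0c699c5cd21`, and nothing in the file ties either value to a branch beyond the enclosing `<fixed base="...">`. The same applies to every `<git hash>` added in this patch: a mistyped or wrong-branch id would publish a dead or misleading link from a security advisory. Before this goes out, confirm that each added hash resolves in the repository and is reachable from the 1.0.2 stable branch.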