The branch master has been updated via c35854b022239196048f9bbd5418fb77dd4f7ee0 (commit) from 6e45814cbe2c0d6d40b7b24a7d5f238faafb4bd4 (commit)
- Log ----------------------------------------------------------------- commit c35854b022239196048f9bbd5418fb77dd4f7ee0 Author: Pauli <paul.d...@oracle.com> Date: Mon Oct 29 09:58:52 2018 +1000 fix vulnerability entry ----------------------------------------------------------------------- Summary of changes: news/vulnerabilities.xml | 50 ++++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index a2a2de0..605f354 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -7,7 +7,31 @@ <!-- The updated attribute should be the same as the first public issue, unless an old entry was updated. --> -<security updated="20180814"> +<security updated="20181029"> + <issue public="20181029"> + <impact severity="Low"/> + <cve name="2018-0735"/> + <affects base="1.1.1" version="1.1.1"/> + <affects base="1.1.0" version="1.1.0"/> + <affects base="1.1.0" version="1.1.0a"/> + <affects base="1.1.0" version="1.1.0b"/> + <affects base="1.1.0" version="1.1.0c"/> + <affects base="1.1.0" version="1.1.0d"/> + <affects base="1.1.0" version="1.1.0e"/> + <affects base="1.1.0" version="1.1.0f"/> + <affects base="1.1.0" version="1.1.0g"/> + <affects base="1.1.0" version="1.1.0h"/> + <affects base="1.1.0" version="1.1.0i"/> + <problemtype>Constant time issue</problemtype> + <title>Timing attack against ECDSA signature generation</title> + <description> + The OpenSSL ECDSA signature algorithm has been shown to be + vulnerable to a timing side channel attack. An attacker could use + variations in the signing algorithm to recover the private key. + </description> + <advisory url="/news/secadv/20181029.txt"/> + <reported source="Samuel Weiser"/> + </issue> <issue public="20180612"> <impact severity="Low"/> <cve name="2018-0732"/> @@ -54,30 +78,6 @@ <advisory url="/news/secadv/20180612.txt"/> <reported source="Guido Vranken"/> </issue> - <issue public="20181029"> - <impact severity="Low"/> - <cve name="2018-0735"/> - <affects base="1.1.1" version="1.1.1"/> - <affects base="1.1.0" version="1.1.0"/> - <affects base="1.1.0" version="1.1.0a"/> - <affects base="1.1.0" version="1.1.0b"/> - <affects base="1.1.0" version="1.1.0c"/> - <affects base="1.1.0" version="1.1.0d"/> - <affects base="1.1.0" version="1.1.0e"/> - <affects base="1.1.0" version="1.1.0f"/> - <affects base="1.1.0" version="1.1.0g"/> - <affects base="1.1.0" version="1.1.0h"/> - <affects base="1.1.0" version="1.1.0i"/> - <problemtype>Constant time issue</problemtype> - <title>Timing attack against ECDSA signature generation</title> - <description> - The OpenSSL ECDSA signature algorithm has been shown to be - vulnerable to a timing side channel attack. An attacker could use - variations in the signing algorithm to recover the private key. - </description> - <advisory url="/news/secadv/20181029.txt"/> - <reported source="Samuel Weiser"/> - </issue> <issue public="20180416"> <impact severity="Low"/> <cve name="2018-0737"/> _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits