The branch master has been updated via 0ef1cccd789aa8434f9ef8e3783df637d506b53f (commit) via d5d657a5d4ee7aa2602d41cdcc5723b191c43a8b (commit) from c49be85acdf6d10bfb17d0a5f1cb6405ae25fcaf (commit)
- Log ----------------------------------------------------------------- commit 0ef1cccd789aa8434f9ef8e3783df637d506b53f Merge: c49be85 d5d657a Author: Mark J. Cox <mark...@gmail.com> Date: Tue Jan 15 12:02:31 2019 +0000 Merge pull request #105 from iamamoose/vulns Add severities that were in the advisories but missing from the vulnerability pages, also found a missing vulnerability commit d5d657a5d4ee7aa2602d41cdcc5723b191c43a8b Author: Mark J. Cox <m...@awe.com> Date: Tue Jan 15 11:37:51 2019 +0000 Add severities that were in the advisories but missing from the vulnerability pages, also found a missing vulnerability ----------------------------------------------------------------------- Summary of changes: news/vulnerabilities.xml | 80 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+)
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 2142ade..d9b42bd 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -3629,6 +3629,7 @@ the certificate key is invalid. This function is rarely used in practice.
 <issue public="20150108">
 <cve name="2015-0206"/>
+ <impact severity="Moderate"/>
 <affects base="1.0.0" version="1.0.0"/>
 <affects base="1.0.0" version="1.0.0a"/>
 <affects base="1.0.0" version="1.0.0b"/>
@@ -3671,6 +3672,7 @@ the certificate key is invalid. This function is rarely used in practice.
 <issue public="20141021">
 <cve name="2014-3569"/>
+ <impact severity="Low"/>
 <affects base="0.9.8" version="0.9.8zc"/>
 <affects base="1.0.0" version="1.0.0o"/>
 <affects base="1.0.1" version="1.0.1j"/>
@@ -3689,6 +3691,7 @@ the certificate key is invalid. This function is rarely used in practice.
 <issue public="20150105">
 <cve name="2014-3572"/>
+ <impact severity="Low"/>
 <affects base="0.9.8" version="0.9.8"/>
 <affects base="0.9.8" version="0.9.8a"/>
 <affects base="0.9.8" version="0.9.8b"/>
@@ -3757,8 +3760,79 @@ the certificate key is invalid. This function is rarely used in practice.
 <reported source="Karthikeyan Bhargavan of the PROSECCO team at INRIA"/>
 </issue>
+ <issue public="20150105">
+ <cve name="2014-3571"/>
+ <impact severity="Moderate"/>
+ <affects base="0.9.8" version="0.9.8"/>
+ <affects base="0.9.8" version="0.9.8a"/>
+ <affects base="0.9.8" version="0.9.8b"/>
+ <affects base="0.9.8" version="0.9.8c"/>
+ <affects base="0.9.8" version="0.9.8d"/>
+ <affects base="0.9.8" version="0.9.8e"/>
+ <affects base="0.9.8" version="0.9.8f"/>
+ <affects base="0.9.8" version="0.9.8g"/>
+ <affects base="0.9.8" version="0.9.8h"/>
+ <affects base="0.9.8" version="0.9.8i"/>
+ <affects base="0.9.8" version="0.9.8j"/>
+ <affects base="0.9.8" version="0.9.8k"/>
+ <affects base="0.9.8" version="0.9.8l"/>
+ <affects base="0.9.8" version="0.9.8m"/>
+ <affects base="0.9.8" version="0.9.8n"/>
+ <affects base="0.9.8" version="0.9.8o"/>
+ <affects base="0.9.8" version="0.9.8p"/>
+ <affects base="0.9.8" version="0.9.8q"/>
+ <affects base="0.9.8" version="0.9.8r"/>
+ <affects base="0.9.8" version="0.9.8s"/>
+ <affects base="0.9.8" version="0.9.8t"/>
+ <affects base="0.9.8" version="0.9.8u"/>
+ <affects base="0.9.8" version="0.9.8v"/>
+ <affects base="0.9.8" version="0.9.8w"/>
+ <affects base="0.9.8" version="0.9.8x"/>
+ <affects base="0.9.8" version="0.9.8y"/>
+ <affects base="0.9.8" version="0.9.8za"/>
+ <affects base="0.9.8" version="0.9.8zb"/>
+ <affects base="0.9.8" version="0.9.8zc"/>
+ <affects base="1.0.0" version="1.0.0"/>
+ <affects base="1.0.0" version="1.0.0a"/>
+ <affects base="1.0.0" version="1.0.0b"/>
+ <affects base="1.0.0" version="1.0.0c"/>
+ <affects base="1.0.0" version="1.0.0d"/>
+ <affects base="1.0.0" version="1.0.0e"/>
+ <affects base="1.0.0" version="1.0.0f"/>
+ <affects base="1.0.0" version="1.0.0g"/>
+ <affects base="1.0.0" version="1.0.0i"/>
+ <affects base="1.0.0" version="1.0.0j"/>
+ <affects base="1.0.0" version="1.0.0k"/>
+ <affects base="1.0.0" version="1.0.0l"/>
+ <affects base="1.0.0" version="1.0.0m"/>
+ <affects base="1.0.0" version="1.0.0n"/>
+ <affects base="1.0.0" version="1.0.0o"/>
+ <affects base="1.0.1" version="1.0.1"/>
+ <affects base="1.0.1" version="1.0.1a"/>
+ <affects base="1.0.1" version="1.0.1b"/>
+ <affects base="1.0.1" version="1.0.1c"/>
+ <affects base="1.0.1" version="1.0.1d"/>
+ <affects base="1.0.1" version="1.0.1e"/>
+ <affects base="1.0.1" version="1.0.1f"/>
+ <affects base="1.0.1" version="1.0.1g"/>
+ <affects base="1.0.1" version="1.0.1h"/>
+ <affects base="1.0.1" version="1.0.1i"/>
+ <affects base="1.0.1" version="1.0.1j"/>
+ <fixed base="1.0.1" version="1.0.1k" date="20150108"/>
+ <fixed base="1.0.0" version="1.0.0p" date="20150108"/>
+ <fixed base="0.9.8" version="0.9.8zd" date="20150108"/>
+
+ <description>
+ A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due
+ to a NULL pointer dereference. This could lead to a Denial Of Service attack.
+ </description>
+ <advisory url="/news/secadv/20150108.txt"/>
+ <reported source="Markus Stenberg of Cisco Systems, Inc"/>
+ </issue>
+
 <issue public="20150106">
 <cve name="2015-0204"/>
+ <impact severity="Low"/>
 <affects base="0.9.8" version="0.9.8"/>
 <affects base="0.9.8" version="0.9.8a"/>
 <affects base="0.9.8" version="0.9.8b"/>
@@ -3829,6 +3903,7 @@ the certificate key is invalid. This function is rarely used in practice.
 <issue public="20150108">
 <cve name="2015-0205"/>
+ <impact severity="Low"/>
 <affects base="1.0.0" version="1.0.0"/>
 <affects base="1.0.0" version="1.0.0a"/>
 <affects base="1.0.0" version="1.0.0b"/>
@@ -3872,6 +3947,7 @@ the certificate key is invalid. This function is rarely used in practice.
 <issue public="20150105">
 <cve name="2014-8275"/>
+ <impact severity="Low"/>
 <affects base="0.9.8" version="0.9.8"/>
 <affects base="0.9.8" version="0.9.8a"/>
 <affects base="0.9.8" version="0.9.8b"/>
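Review bot: The new CVE-2014-3571 entry's 1.0.0 list goes from `1.0.0g` straight to `1.0.0i`, while the 0.9.8 and 1.0.1 runs in the same entry are contiguous; if 1.0.0h was a released version, any tooling that matches on these `<affects>` rows will report it as unaffected. I would add `<affects base="1.0.0" version="1.0.0h"/>` after the `1.0.0g` row, or leave an XML comment saying why it is skipped. Separately, the `<impact severity="Low"/>` added under CVE-2015-0204 appears to record the rating from the original advisory; as far as I recall the project later raised that issue's rating, so it is worth checking against the most recent advisory before consumers triage on it. The CVE-2015-0204 `<issue>` element continues past the end of this hunk.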
@@ -3951,6 +4027,7 @@ the certificate key is invalid. This function is rarely used in practice.
 <issue public="20150108">
 <cve name="2014-3570"/>
+ <impact severity="Low"/>
 <affects base="0.9.8" version="0.9.8"/>
 <affects base="0.9.8" version="0.9.8a"/>
 <affects base="0.9.8" version="0.9.8b"/>
@@ -4040,6 +4117,7 @@ the certificate key is invalid. This function is rarely used in practice.
 <issue public="20141015">
 <cve name="2014-3513"/>
+ <impact severity="High"/>
 <affects base="1.0.1" version="1.0.1"/>
 <affects base="1.0.1" version="1.0.1a"/>
 <affects base="1.0.1" version="1.0.1b"/>
@@ -4066,6 +4144,7 @@ the certificate key is invalid. This function is rarely used in practice.
 <issue public="20141015">
 <cve name="2014-3567"/>
+ <impact severity="Moderate"/>
 <affects base="0.9.8" version="0.9.8g"/>
 <affects base="0.9.8" version="0.9.8h"/>
 <affects base="0.9.8" version="0.9.8i"/>
@@ -4201,6 +4280,7 @@ the certificate key is invalid. This function is rarely used in practice.
 <issue public="20141015">
 <cve name="2014-3568"/>
+ <impact severity="Low"/>
 <affects base="0.9.8" version="0.9.8"/>
 <affects base="0.9.8" version="0.9.8a"/>
 <affects base="0.9.8" version="0.9.8b"/>
_____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits