[Secure-testing-commits] r43744 - data/CVE

Alessandro Ghedini Wed, 03 Aug 2016 05:34:47 -0700

Author: ghedo
Date: 2016-08-03 12:34:13 +0000 (Wed, 03 Aug 2016)
New Revision: 43744


Modified:
   data/CVE/list
Log:
Add fixed versions for curl issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-08-03 12:27:47 UTC (rev 43743)
+++ data/CVE/list       2016-08-03 12:34:13 UTC (rev 43744)
@@ -3318,21 +3318,21 @@
        RESERVED
 CVE-2016-5422
        RESERVED
-CVE-2016-5421
+CVE-2016-5421 [TLS session resumption client cert bypass]
        RESERVED
-       - curl <unfixed>
+       - curl 7.50.1-1
        [wheezy] - curl <not-affected> (introduced in 7.32.0)
        NOTE: https://curl.haxx.se/docs/adv_20160803C.html
        NOTE: Fixed by https://curl.haxx.se/CVE-2016-5421.patch
-CVE-2016-5420
+CVE-2016-5420 [Re-using connection with wrong client cert]
        RESERVED
-       - curl <unfixed>
+       - curl 7.50.1-1
        NOTE: https://curl.haxx.se/docs/adv_20160803B.html
        NOTE: Fixed by https://curl.haxx.se/CVE-2016-5420.patch
        NOTE: Wheezy: vulnerable code is in lib/sslgen.c
-CVE-2016-5419
+CVE-2016-5419 [TLS session resumption client cert bypass]
        RESERVED
-       - curl <unfixed>
+       - curl 7.50.1-1
        NOTE: https://curl.haxx.se/docs/adv_20160803A.html
        NOTE: Fixed by https://curl.haxx.se/CVE-2016-5419.patch
        NOTE: Wheezy: vulnerable code is in lib/sslgen.c


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43744 - data/CVE

Reply via email to