[Secure-testing-commits] r58343 - data/CVE

Moritz Muehlenhoff Thu, 07 Dec 2017 13:23:55 -0800

Author: jmm
Date: 2017-12-07 21:23:37 +0000 (Thu, 07 Dec 2017)
New Revision: 58343


Modified:
   data/CVE/list
Log:
openssl triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-07 21:19:45 UTC (rev 58342)
+++ data/CVE/list       2017-12-07 21:23:37 UTC (rev 58343)
@@ -43621,8 +43621,11 @@
 CVE-2017-3739
        RESERVED
 CVE-2017-3738 (There is an overflow bug in the AVX2 Montgomery multiplication 
...)
-       - openssl <unfixed>
-       - openssl1.0 <unfixed>
+       - openssl <unfixed> (low)
+       [stretch] - openssl <postponed> (Can be fixed with next OpenSSL 
advisory round)
+       [jessie] - openssl <not-affected> (Vulnerable code not present)
+       [wheezy] - openssl <not-affected> (Vulnerable code not present)
+       - openssl1.0 <unfixed> (low)
        NOTE: https://www.openssl.org/news/secadv/20171207.txt
        NOTE: OpenSSL_1_1_0-stable: 
https://git.openssl.org/?p=openssl.git;a=commit;h=e502cc86df9dafded1694fceb3228ee34d11c11a
        NOTE: OpenSSL_1_0_2-stable: 
https://git.openssl.org/?p=openssl.git;a=commit;h=ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58343 - data/CVE

Reply via email to