Author: kroeckx
Date: 2014-08-07 20:44:39 +0000 (Thu, 07 Aug 2014)
New Revision: 28136
Modified:
data/CVE/list
Log:
Update recent OpenSSL CVE descriptions.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-07 20:32:30 UTC (rev 28135)
+++ data/CVE/list 2014-08-07 20:44:39 UTC (rev 28136)
@@ -118,7 +118,7 @@
RESERVED
CVE-2014-5140
RESERVED
-CVE-2014-5139
+CVE-2014-5139 (Crash with SRP ciphersuite in Server Hello message)
RESERVED
{DSA-2998-1}
- openssl 1.0.1i-1
@@ -3901,38 +3901,38 @@
RESERVED
CVE-2014-3513
RESERVED
-CVE-2014-3512
+CVE-2014-3512 (SRP buffer overrun)
RESERVED
{DSA-2998-1}
- openssl 1.0.1i-1
[squeeze] - openssl <not-affected> (vulnerable code not present)
-CVE-2014-3511
+CVE-2014-3511 (OpenSSL TLS protocol downgrade attack)
RESERVED
{DSA-2998-1}
- openssl 1.0.1i-1
- [squeeze] - openssl <not-affected> (vulnerable code not present)
-CVE-2014-3510
+ [squeeze] - openssl <not-affected> (Doesn't support TLS higher than 1.0)
+CVE-2014-3510 (OpenSSL DTLS anonymous (EC)DH denial of service)
RESERVED
{DSA-2998-1}
- openssl 1.0.1i-1
-CVE-2014-3509
+CVE-2014-3509 (Race condition in ssl_parse_serverhello_tlsext)
RESERVED
{DSA-2998-1}
- openssl 1.0.1i-1
[squeeze] - openssl <not-affected> (vulnerable code not present)
-CVE-2014-3508
+CVE-2014-3508 (Information leak in pretty printing functions)
RESERVED
{DSA-2998-1}
- openssl 1.0.1i-1
-CVE-2014-3507
+CVE-2014-3507 (DTLS memory leak from zero-length fragments)
RESERVED
{DSA-2998-1}
- openssl 1.0.1i-1
-CVE-2014-3506
+CVE-2014-3506 (DTLS memory exhaustion)
RESERVED
{DSA-2998-1}
- openssl 1.0.1i-1
-CVE-2014-3505
+CVE-2014-3505 (Double Free when processing DTLS packets)
RESERVED
{DSA-2998-1}
- openssl 1.0.1i-1
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
