Author: kroeckx Date: 2015-06-11 17:27:52 +0000 (Thu, 11 Jun 2015) New Revision: 34892
Modified: data/CVE/list Log: Update OpenSSL issues Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-06-11 17:25:53 UTC (rev 34891) +++ data/CVE/list 2015-06-11 17:27:52 UTC (rev 34892) @@ -1180,6 +1180,7 @@ NOTE: https://lkml.org/lkml/2015/5/13/744 NOTE: Not enabled in Debian kernels; staging drivers are not supported CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ...) + - openssl 1.0.2b-1 NOTE: CVE assigned specific to vulnerability in the TLS protocol that was NOTE: disclosed in section 3.2 of the NOTE: https://weakdh.org/imperfect-forward-secrecy.pdf paper. 
@@ -7283,28 +7284,28 @@ RESERVED CVE-2015-1792 [CMS verify infinite loop with unknown hash function] RESERVED - - openssl <unfixed> + - openssl 1.0.2b-1 NOTE: http://openssl.org/news/secadv_20150611.txt CVE-2015-1791 [race condition in NewSessionTicket] RESERVED - - openssl <unfixed> + - openssl 1.0.2b-1 NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=dcad51bc13c9b716d9a66248bcc4038c071ff158 NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=708cf593587e2fda67dae9782991ff9fccc781eb CVE-2015-1790 [PKCS7 crash with missing EnvelopedContent] RESERVED - - openssl <unfixed> + - openssl 1.0.2b-1 NOTE: http://openssl.org/news/secadv_20150611.txt CVE-2015-1789 [Exploitable out-of-bounds read in X509_cmp_time] RESERVED - - openssl <unfixed> + - openssl 1.0.2b-1 NOTE: http://openssl.org/news/secadv_20150611.txt CVE-2015-1788 [Malformed ECParameters causes infinite loop] RESERVED - - openssl <unfixed> + - openssl 1.0.2b-1 NOTE: http://openssl.org/news/secadv_20150611.txt CVE-2015-1787 (The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL ...) - - openssl <not-affected> (Only affects 1.0.2, only in experimental) + - openssl 1.0.2a-1 CVE-2015-1786 [Invalid CSRF validation of null or incorrectly formatted token identifiers] RESERVED - zendframework <not-affected> (the vulnerability was introduced specifically in the 2.3 series) @@ -16797,7 +16798,7 @@ RESERVED CVE-2014-8176 [Invalid free in DTLS] RESERVED - - openssl <unfixed> + - openssl 1.0.2-1 NOTE: http://openssl.org/news/secadv_20150611.txt CVE-2014-8175 RESERVED _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
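Review bot: In the @@ -1180 hunk, the added `- openssl 1.0.2b-1` line under CVE-2015-4000 carries no reference that justifies the fixed version. The surrounding NOTEs only cite the weakdh.org paper, which describes the protocol issue. Add a NOTE pointing at the upstream advisory or commit the version is based on, as the other OpenSSL entries touched by this commit do. Because the CVE text describes a flaw in the TLS protocol itself, a short NOTE on what the openssl change actually does would keep readers from treating the entry as a complete fix for every peer.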
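Review bot: In the @@ -7283 hunk, the CVE-2015-1787 line goes from `<not-affected> (Only affects 1.0.2, only in experimental)` to `1.0.2a-1`, which drops the only record that versions before 1.0.2 were never vulnerable. Keep that information, for example as a NOTE stating that only 1.0.2 is affected, so the fixed version is not read as "everything older is vulnerable". The log message "Update OpenSSL issues" also does not mention this status change, which differs in kind from the `<unfixed>` to `1.0.2b-1` updates in the rest of the hunk. Separately, CVE-2015-1791 is the one entry in this hunk without the secadv_20150611.txt NOTE; add it if that advisory covers the issue, for consistency with its neighbours.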
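Review bot: In the @@ -16797 hunk, CVE-2014-8176 is marked fixed in `1.0.2-1`, while every other entry in this commit that cites secadv_20150611.txt is marked fixed in `1.0.2b-1`. If the earlier version is intended, add a NOTE saying why (for instance, that the fix was already present in an earlier upload); as it stands the line reads like a typo for `1.0.2b-1` and cannot be checked from the entry alone.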