Author: kroeckx
Date: 2015-06-11 17:27:52 +0000 (Thu, 11 Jun 2015)
New Revision: 34892

Modified:
   data/CVE/list
Log:
Update OpenSSL issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-06-11 17:25:53 UTC (rev 34891)
+++ data/CVE/list       2015-06-11 17:27:52 UTC (rev 34892)
@@ -1180,6 +1180,7 @@
        NOTE: https://lkml.org/lkml/2015/5/13/744
        NOTE: Not enabled in Debian kernels; staging drivers are not supported
 CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite 
is ...)
+       - openssl 1.0.2b-1
        NOTE: CVE assigned specific to vulnerability in the TLS protocol that 
was
        NOTE: disclosed in section 3.2 of the
        NOTE: https://weakdh.org/imperfect-forward-secrecy.pdf paper.
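Review bot: The added "- openssl 1.0.2b-1" line under CVE-2015-4000 comes with no NOTE saying what changed in that upload, while the surrounding NOTEs describe the CVE as a flaw in the TLS protocol itself. A short NOTE naming the mitigation that 1.0.2b-1 carries, or pointing to the advisory the other OpenSSL entries in this commit cite (http://openssl.org/news/secadv_20150611.txt) if it covers this issue, would let a reader see why a single package version closes a protocol-level problem.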
@@ -7283,28 +7284,28 @@
        RESERVED
 CVE-2015-1792 [CMS verify infinite loop with unknown hash function]
        RESERVED
-       - openssl <unfixed>
+       - openssl 1.0.2b-1
        NOTE: http://openssl.org/news/secadv_20150611.txt
 CVE-2015-1791 [race condition in NewSessionTicket]
        RESERVED
-       - openssl <unfixed>
+       - openssl 1.0.2b-1
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=dcad51bc13c9b716d9a66248bcc4038c071ff158
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=708cf593587e2fda67dae9782991ff9fccc781eb
 CVE-2015-1790 [PKCS7 crash with missing EnvelopedContent]
        RESERVED
-       - openssl <unfixed>
+       - openssl 1.0.2b-1
        NOTE: http://openssl.org/news/secadv_20150611.txt
 CVE-2015-1789 [Exploitable out-of-bounds read in X509_cmp_time]
        RESERVED
-       - openssl <unfixed>
+       - openssl 1.0.2b-1
        NOTE: http://openssl.org/news/secadv_20150611.txt
 CVE-2015-1788 [Malformed ECParameters causes infinite loop]
        RESERVED
-       - openssl <unfixed>
+       - openssl 1.0.2b-1
        NOTE: http://openssl.org/news/secadv_20150611.txt
 CVE-2015-1787 (The ssl3_get_client_key_exchange function in s3_srvr.c in 
OpenSSL ...)
-       - openssl <not-affected> (Only affects 1.0.2, only in experimental)
+       - openssl 1.0.2a-1
 CVE-2015-1786 [Invalid CSRF validation of null or incorrectly formatted token 
identifiers]
        RESERVED
        - zendframework <not-affected> (the vulnerability was introduced 
specifically in the 2.3 series)
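Review bot: The CVE-2015-1787 line drops the remark "(Only affects 1.0.2, only in experimental)" when it moves from <not-affected> to 1.0.2a-1, so the tracker no longer records that the issue was confined to the 1.0.2 series. Consider keeping that as a NOTE line and adding a reference NOTE like the neighbouring entries have, since this is the only entry in the hunk marked fixed in 1.0.2a-1 rather than 1.0.2b-1 and the log message "Update OpenSSL issues" does not say why.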
@@ -16797,7 +16798,7 @@
        RESERVED
 CVE-2014-8176 [Invalid free in DTLS]
        RESERVED
-       - openssl <unfixed>
+       - openssl 1.0.2-1
        NOTE: http://openssl.org/news/secadv_20150611.txt
 CVE-2014-8175
        RESERVED
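Review bot: CVE-2014-8176 is marked fixed in 1.0.2-1, while every other entry in this commit that cites secadv_20150611.txt is marked fixed in 1.0.2b-1. If the earlier version is intentional because the fix was already present in that upload, a NOTE saying so would keep this from reading as a typo for 1.0.2b-1.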


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits