Author: ghedo
Date: 2016-03-01 14:13:51 +0000 (Tue, 01 Mar 2016)
New Revision: 40097

Modified:
   data/CVE/list
Log:
Update openssl issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-03-01 14:13:43 UTC (rev 40096)
+++ data/CVE/list       2016-03-01 14:13:51 UTC (rev 40097)
@@ -6178,7 +6178,7 @@
        TODO: check
 CVE-2016-0801 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 
4.4.4, ...)
        TODO: check
-CVE-2016-0800
+CVE-2016-0800 [Cross-protocol attack on TLS using SSLv2 (DROWN)]
        RESERVED
        - openssl 1.0.0c-2
        NOTE: 1.0.0c-2 dropped SSLv2 support
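Review bot: under the retitled CVE-2016-0800, the "- openssl 1.0.0c-2" marker rests only on the NOTE that SSLv2 support was dropped, while the new title describes a cross-protocol attack. Consider adding a NOTE that the marker covers the library's own SSLv2 code, and that a TLS service remains exposed if its RSA key is also used by another server that still accepts SSLv2.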
@@ -6186,18 +6186,18 @@
        NOTE: https://www.drownattack.com/
        NOTE: GNUTLS never implemented SSLv2
        NOTE: 
http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html
-CVE-2016-0799
+CVE-2016-0799 [Memory issues in BIO_*printf functions]
        RESERVED
        - openssl <unfixed>
        NOTE: https://www.openssl.org/news/secadv/20160301.txt
        NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835
        NOTE: 
https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/
-CVE-2016-0798
+CVE-2016-0798 [Memory leak in SRP database lookups]
        RESERVED
        - openssl <unfixed>
        NOTE: https://www.openssl.org/news/secadv/20160301.txt
        NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=59a908f1e8380412a81392c468b83bf6071beb2a
-CVE-2016-0797
+CVE-2016-0797 [BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption]
        RESERVED
        - openssl <unfixed>
        NOTE: https://www.openssl.org/news/secadv/20160301.txt
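Review bot: the title added for CVE-2016-0799, "Memory issues in BIO_*printf functions", is vaguer than the other titles in this hunk and than the write-up linked in its own NOTE, whose URL describes heap corruption via BIO_printf. Suggest naming the bug class, for example "Memory corruption in BIO_*printf functions", so the impact is visible from the list without following the links.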
@@ -6525,26 +6525,27 @@
        - tomcat6 6.0.41-3
        NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
        NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
-CVE-2016-0705
+CVE-2016-0705 [Double-free in DSA code]
        RESERVED
        - openssl <unfixed>
        [squeeze] - openssl <not-affected> (vulnerable code not present)
        NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=ab4a81f69ec88d06c9d8de15326b9296d7f498ed
        NOTE: https://www.openssl.org/news/secadv/20160301.txt
-CVE-2016-0704
+CVE-2016-0704 [Bleichenbacher oracle in SSLv2]
        RESERVED
        - openssl 1.0.0c-2
        NOTE: 1.0.0c-2 dropped SSLv2 support
        NOTE: https://www.openssl.org/news/secadv/20160301.txt
-CVE-2016-0703
+CVE-2016-0703 [Divide-and-conquer session key recovery in SSLv2]
        RESERVED
        - openssl 1.0.0c-2
        NOTE: 1.0.0c-2 dropped SSLv2 support
        NOTE: https://www.openssl.org/news/secadv/20160301.txt
-CVE-2016-0702
+CVE-2016-0702 [Side channel attack on modular exponentiation]
        RESERVED
        - openssl <unfixed>
        NOTE: https://www.openssl.org/news/secadv/20160301.txt
+       NOTE: https://cachebleed.info
 CVE-2016-0701 (The DH_check_pub_key function in crypto/dh/dh_check.c in 
OpenSSL 1.0.2 ...)
        - openssl 1.0.2f-2
        [jessie] - openssl <not-affected> (Only affects 1.0.2)
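Review bot: the CVE-2016-0702 title leaves out the attack's public name even though this hunk adds a NOTE pointing to https://cachebleed.info, while the CVE-2016-0800 title in the same commit carries "(DROWN)". For consistency and easier searching, suggest "Side channel attack on modular exponentiation (CacheBleed)".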


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
