Author: jmm
Date: 2016-09-22 11:01:13 +0000 (Thu, 22 Sep 2016)
New Revision: 44822

Modified:
   data/CVE/list
Log:
new openssl issues (sid status still needs some update for some of those)


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-09-22 09:10:19 UTC (rev 44821)
+++ data/CVE/list       2016-09-22 11:01:13 UTC (rev 44822)
@@ -5755,25 +5755,40 @@
 CVE-2016-6308
        RESERVED
        - openssl <unfixed> (low)
+       [jessie] - openssl <not-affected> (Only affects 1.1)
+       [wheezy] - openssl <not-affected> (Only affects 1.1)
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=48c054fec3506417b2598837b8062aae7114c200
+       NOTE: https://www.openssl.org/news/secadv/20160922.txt
 CVE-2016-6307
        RESERVED
        - openssl <unfixed> (low)
+       [jessie] - openssl <not-affected> (Only affects 1.1)
+       [wheezy] - openssl <not-affected> (Only affects 1.1)
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=c1ef7c971d0bbf117c3c80f65b5875e2e7b024b1
+       NOTE: https://www.openssl.org/news/secadv/20160922.txt
 CVE-2016-6306
        RESERVED
        - openssl <unfixed>
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=ff553f837172ecb2b5c8eca257ec3c5619a4b299
+       NOTE: https://www.openssl.org/news/secadv/20160922.txt
 CVE-2016-6305
        RESERVED
+       - openssl <unfixed>
+       [jessie] - openssl <not-affected> (Only affects 1.1)
+       [wheezy] - openssl <not-affected> (Only affects 1.1)
+       NOTE: https://www.openssl.org/news/secadv/20160922.txt
 CVE-2016-6304
        RESERVED
+       - openssl <unfixed>
+       NOTE: https://www.openssl.org/news/secadv/20160922.txt
 CVE-2016-6303 (Integer overflow in the MDC2_Update function in 
crypto/mdc2/mdc2dgst.c ...)
        - openssl <unfixed>
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07
+       NOTE: https://www.openssl.org/news/secadv/20160922.txt
 CVE-2016-6302 (The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL 
before ...)
        - openssl <unfixed>
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9
+       NOTE: https://www.openssl.org/news/secadv/20160922.txt
 CVE-2016-6301 [NTP server denial of service flaw]
        RESERVED
        - busybox <unfixed> (unimportant; bug #833442)
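Review bot: in the CVE-2016-6305 and CVE-2016-6304 entries the only NOTE added is the advisory URL, while every other openssl entry in this hunk also carries a NOTE pointing at the upstream git.openssl.org commit; adding the fix commit for these two would keep the entries consistent and let anyone preparing a backport find the patch directly. Separately, CVE-2016-6308, CVE-2016-6307 and CVE-2016-6305 are marked "Only affects 1.1" for jessie and wheezy but keep `- openssl <unfixed>`, so that line still needs checking against the version actually in sid, as the log message acknowledges.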
@@ -19324,22 +19339,28 @@
 CVE-2016-2182 (The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL 
before 1.1.0 ...)
        - openssl <unfixed>
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34
+       NOTE: https://www.openssl.org/news/secadv/20160922.txt
 CVE-2016-2181 (The Anti-Replay feature in the DTLS implementation in OpenSSL 
before ...)
        - openssl <unfixed>
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=1fb9fdc3027b27d8eb6a1e6a846435b070980770
+       NOTE: https://www.openssl.org/news/secadv/20160922.txt
 CVE-2016-2180 (The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the 
X.509 ...)
        - openssl <unfixed>
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=0ed26acce328ec16a3aa635f1ca37365e8c7403a
+       NOTE: https://www.openssl.org/news/secadv/20160922.txt
 CVE-2016-2179 (The DTLS implementation in OpenSSL before 1.1.0 does not 
properly ...)
        - openssl <unfixed>
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d
+       NOTE: https://www.openssl.org/news/secadv/20160922.txt
 CVE-2016-2178 (The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL 
...)
        - openssl <unfixed> (low)
        NOTE: Fixed in master branch in 
https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2
+       NOTE: https://www.openssl.org/news/secadv/20160922.txt
 CVE-2016-2177 (OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for 
...)
        - openssl <unfixed> (low)
        NOTE: Fixed in 1.0.2 branch in 
https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7
        NOTE: 
https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
+       NOTE: https://www.openssl.org/news/secadv/20160922.txt
 CVE-2016-2176 (The X509_NAME_oneline function in crypto/x509/x509_obj.c in 
OpenSSL ...)
        - openssl <not-affected> (Only applies to EBCDIC systems)
        NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8ff032df3219
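Review bot: CVE-2016-2182 down to CVE-2016-2177 gain only the advisory NOTE and keep `- openssl <unfixed>` with no [jessie] or [wheezy] lines, unlike the per-release triage added to the CVE-2016-630x entries in the previous hunk. The log message mentions only the sid status as pending, so it would help to say there whether the stable releases were also deliberately left for a follow-up commit, so that the missing lines are not read as a finished assessment.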
@@ -23891,11 +23912,10 @@
        NOTE: http://www.openwall.com/lists/oss-security/2015/12/22/4
 CVE-2015-8697 [Insecure use of temporary files]
        RESERVED
-       - stalin <unfixed> (bug #808730)
-       [jessie] - stalin <no-dsa> (Minor issue)
-       [wheezy] - stalin <no-dsa> (Minor issue)
+       - stalin <unfixed> (unimportant; bug #808730)
        [squeeze] - stalin <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2015/12/27/1
+       NOTE: Not exploitable with kernel hardening since wheezy
 CVE-2015-8708 (Stack-based buffer overflow in the conv_euctojis function in 
...)
        - claws-mail 3.13.1-1.1 (bug #811048)
        [jessie] - claws-mail <not-affected> (Incomplete fix for CVE-2015-8614 
not applied)
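Review bot: the CVE-2015-8697 change to stalin is unrelated to the openssl update named in the log message and would be easier to audit as its own commit, or at least mentioned in the log. The added line "NOTE: Not exploitable with kernel hardening since wheezy" is also the sole justification for dropping the [jessie] and [wheezy] no-dsa lines and downgrading to unimportant, so it should name the specific hardening setting it relies on; that would also make clear why the [squeeze] line is kept.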


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
