Author: ghedo
Date: 2015-08-20 19:32:09 +0000 (Thu, 20 Aug 2015)
New Revision: 36225
Modified: data/CVE/list Log: Update links to OpenSSL advisories Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-08-20 19:29:21 UTC (rev 36224) +++ data/CVE/list 2015-08-20 19:32:09 UTC (rev 36225) @@ -12904,11 +12904,11 @@ [jessie] - openssl <not-affected> (Vulnerable code not present) [wheezy] - openssl <not-affected> (Vulnerable code not present) [squeeze] - openssl <not-affected> (Vulnerable code not present) - NOTE: http://openssl.org/news/secadv_20150709.txt + NOTE: http://openssl.org/news/secadv/20150709.txt CVE-2015-1792 (The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before ...) {DSA-3287-1 DLA-247-1} - openssl 1.0.2b-1 - NOTE: http://openssl.org/news/secadv_20150611.txt + NOTE: http://openssl.org/news/secadv/20150611.txt CVE-2015-1791 (Race condition in the ssl3_get_new_session_ticket function in ...) {DSA-3287-1 DLA-247-1} - openssl 1.0.2b-1 @@ -12918,16 +12918,16 @@ CVE-2015-1790 (The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL ...) {DSA-3287-1 DLA-247-1} - openssl 1.0.2b-1 - NOTE: http://openssl.org/news/secadv_20150611.txt + NOTE: http://openssl.org/news/secadv/20150611.txt CVE-2015-1789 (The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before ...) {DSA-3287-1 DLA-247-1} - openssl 1.0.2b-1 - NOTE: http://openssl.org/news/secadv_20150611.txt + NOTE: http://openssl.org/news/secadv/20150611.txt CVE-2015-1788 (The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before ...) {DSA-3287-1} - openssl 1.0.2b-1 [squeeze] - openssl <not-affected> (Vulnerable code got introduced post 1.0.0) - NOTE: http://openssl.org/news/secadv_20150611.txt + NOTE: http://openssl.org/news/secadv/20150611.txt CVE-2015-1787 (The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL ...) - openssl <not-affected> (Vulnerable version never in unstable) NOTE: did affect 1.0.2 (only in experimental) and 1.0.2a was uploaded to unstable 
@@ -22562,7 +22562,7 @@ CVE-2014-8176 (The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before ...) {DSA-3287-1 DLA-247-1} - openssl 1.0.1h-1 - NOTE: http://openssl.org/news/secadv_20150611.txt + NOTE: http://openssl.org/news/secadv/20150611.txt CVE-2014-8175 (Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to ...) NOT-FOR-US: JBoss Fuse CVE-2014-8174 @@ -44093,7 +44093,7 @@ - openssl 1.0.1g-1 (bug #743883) [squeeze] - openssl <not-affected> (vulnerable code introduced in upstream commit 4817504) NOTE: fix: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902 - NOTE: http://www.openssl.org/news/secadv_20140407.txt + NOTE: http://www.openssl.org/news/secadv/20140407.txt NOTE: system reboot is recommended after the upgrade CVE-2014-0159 (Buffer overflow in the GetStatistics64 remote procedure call (RPC) in ...) {DSA-2899-1} @@ -74677,7 +74677,7 @@ {DSA-2475-1} - openssl 1.0.1c-1 (bug #672452) NOTE: http://seclists.org/oss-sec/2012/q2/299 - NOTE: http://www.openssl.org/news/secadv_20120510.txt + NOTE: http://www.openssl.org/news/secadv/20120510.txt CVE-2012-2332 (SQL injection vulnerability in serendipity/serendipity_admin.php in ...) - serendipity <removed> (bug #671937; low) [squeeze] - serendipity <no-dsa> (Minor issue) @@ -75270,7 +75270,7 @@ CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL ...) {DSA-2454-1} - openssl 1.0.1a-1 - NOTE: http://www.openssl.org/news/secadv_20120419.txt + NOTE: http://www.openssl.org/news/secadv/20120419.txt CVE-2012-2109 (SQL injection vulnerability in wp-load.php in the BuddyPress plugin ...) NOT-FOR-US: wordpress buddypress plugin CVE-2012-2108 (Stack-based buffer overflow in the main function in util/lpci_main.c ...) 
@@ -81422,7 +81422,7 @@ CVE-2012-0050 (OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, ...) {DSA-2392-1} - openssl 1.0.0g-1 - NOTE: http://www.openssl.org/news/secadv_20120118.txt + NOTE: http://www.openssl.org/news/secadv/20120118.txt CVE-2012-0049 RESERVED {DSA-2524-1} @@ -96725,7 +96725,7 @@ - openoffice.org 1:3.2.1-11+squeeze2 CVE-2010-4252 (OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly ...) - openssl <not-affected> (configured with -DOPENSSL_NO_JPAKE; bug #606902) - NOTE: http://www.openssl.org/news/secadv_20101202.txt + NOTE: http://www.openssl.org/news/secadv/20101202.txt CVE-2010-4251 (The socket implementation in net/core/sock.c in the Linux kernel ...) - linux-2.6 2.6.32-22 CVE-2010-4250 (Memory leak in the inotify_init1 function in ...) @@ -96915,7 +96915,7 @@ CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when ...) {DSA-2141-1} - openssl 0.9.8o-4 - NOTE: http://www.openssl.org/news/secadv_20101202.txt + NOTE: http://www.openssl.org/news/secadv/20101202.txt CVE-2010-4179 (The installation documentation for Red Hat Enterprise Messaging, ...) NOT-FOR-US: RedHat documentation of MRG CVE-2010-4178 @@ -106782,7 +106782,7 @@ CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through ...) - openssl 0.9.8n-1 (medium; bug #575607) [lenny] - openssl <not-affected> (only 0.9.8m is affected with 16 bit shorts) - NOTE: http://www.openssl.org/news/secadv_20100324.txt + NOTE: http://www.openssl.org/news/secadv/20100324.txt CVE-2010-0739 (Integer overflow in the predospecial function in dospecial.c in dvips ...) - texlive-bin 2009-6 (low; bug #560668) [lenny] - texlive-bin 2007.dfsg.2-4+lenny3 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
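Review bot: The rewritten NOTE lines still mix two hosts: the hunks at -12904, -12918 and -22562 point at http://openssl.org/news/secadv/... while the hunks from -44093 onward point at http://www.openssl.org/news/secadv/... Since every one of these lines is being touched anyway, pick one host for all of them so that a later search or bulk update over data/CVE/list matches every OpenSSL advisory link with a single pattern, and consider whether the links should be https rather than http.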
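Review bot: The log message "Update links to OpenSSL advisories" does not say what changed in the URLs or why. Every hunk makes the same substitution, secadv_YYYYMMDD.txt to secadv/YYYYMMDD.txt; stating that pattern in the log, and whether the old paths no longer resolve, would let someone auditing data/CVE/list later tell this deliberate bulk rewrite from an accidental edit.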