Author: jmm
Date: 2017-01-27 10:59:53 +0000 (Fri, 27 Jan 2017)
New Revision: 48447
Modified:
data/CVE/list
Log:
openssl updates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-27 10:13:50 UTC (rev 48446)
+++ data/CVE/list 2017-01-27 10:59:53 UTC (rev 48447)
@@ -4692,6 +4692,9 @@
- openssl 1.1.0d-1
- openssl1.0 1.0.2k-1
NOTE: https://www.openssl.org/news/secadv/20170126.txt
+ NOTE: Fix for 1.0.2:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51d009043670a627d6abe66894126851cf3690e9
+ NOTE: Fix for 1.1.0:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f3a7e57c92b2c9b87dc4b2997f2ebda6781300d0
+ NOTE: and
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=00d965474b22b54e4275232bc71ee0c699c5cd21
CVE-2017-3730
RESERVED
- openssl 1.1.0d-1
@@ -16683,7 +16686,6 @@
CVE-2016-8610 [SSL/TLS SSL3_AL_WARNING undefined alert DoS]
RESERVED
- openssl 1.0.2j-1
- [jessie] - openssl <no-dsa> (Can be fixed along with the next round of
openssl vulnerabilities)
NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/3
NOTE: Fixed by:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384743 mentions
countermeasures in gnutls
@@ -21680,7 +21682,6 @@
CVE-2016-7056 [ECDSA P-256 timing attack key recovery]
RESERVED
- openssl 1.0.2a-1
- [jessie] - openssl <no-dsa> (Can be fixed along with the next round of
openssl vulnerabilities)
- openssl1.0 <not-affected> (Fixed before initial upload to Debian)
NOTE: https://eprint.iacr.org/2016/1195.pdf
NOTE: Fixed by:
https://git.openssl.org/?p=openssl.git;a=commit;h=f54be179aa4cbbd944728771d7d59ed588158a12
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
