[openssl-commits] [web] master update

Mark J. Cox mark at openssl.org
Wed Mar 29 07:03:35 UTC 2017 

The branch master has been updated
       via  9e202bb48ed00656e8af83e6cd654a4e2209948a (commit)
      from  e5f2c86257184fc2a9331d5ea53fd9f790e7181b (commit)


- Log -----------------------------------------------------------------
commit 9e202bb48ed00656e8af83e6cd654a4e2209948a
Author: Mark J. Cox <mark at awe.com>
Date:   Wed Mar 29 08:02:28 2017 +0100

    CNA requirements have a field for "problem type" which is vaguely defined
    but we'll need to provide it.  Also add a "title" field to newer entries
    as this is in our advisories already but missing from the vulns html page
    (not added there yet however)

-----------------------------------------------------------------------

Summary of changes:
 news/vulnerabilities.xml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 3d759a8..668e987 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -15,6 +15,8 @@
     <affects base="1.1.0" version="1.1.0c"/>
     <affects base="1.1.0" version="1.1.0d"/>
     <fixed base="1.1.0" version="1.1.0e" date="20170216"/>
+    <problemtype>protocol error</problemtype>
+    <title>Encrypt-Then-Mac renegotiation crash</title>
     <description>
       During a renegotiation handshake if the Encrypt-Then-Mac extension is
       negotiated where it was not in the original handshake (or vice-versa) then
@@ -44,6 +46,8 @@
     <affects base="1.0.2" version="1.0.2j"/>
     <fixed base="1.1.0" version="1.1.0d" date="20170126"/>
     <fixed base="1.0.2" version="1.0.2k" date="20170126"/>
+    <problemtype>out-of-bounds read</problemtype>
+    <title>Truncated packet could crash via OOB read</title>
     <description>
       If an SSL/TLS server or client is running on a 32-bit host, and a specific
       cipher is being used, then a truncated packet can cause that server or
@@ -66,6 +70,8 @@
     <affects base="1.1.0" version="1.1.0b"/>
     <affects base="1.1.0" version="1.1.0c"/>
     <fixed base="1.1.0" version="1.1.0d" date="20170126"/>
+    <problemtype>NULL pointer deference</problemtype>
+    <title>Bad (EC)DHE parameters cause a client crash</title>
     <description>
       If a malicious server supplies bad parameters for a DHE or ECDHE key
       exchange then this can result in the client attempting to dereference a
@@ -95,6 +101,8 @@
     <affects base="1.0.2" version="1.0.2j"/>
     <fixed base="1.1.0" version="1.1.0d" date="20170126"/>
     <fixed base="1.0.2" version="1.0.2k" date="20170126"/>
+    <problemtype>carry-propagating bug</problemtype>
+    <title>BN_mod_exp may produce incorrect results on x86_64</title>
     <description>
       There is a carry propagating bug in the x86_64 Montgomery squaring
       procedure. No EC algorithms are affected. Analysis suggests that attacks
@@ -121,6 +129,8 @@
     <affects base="1.1.0" version="1.1.0a"/>
     <affects base="1.1.0" version="1.1.0b"/>
     <fixed base="1.1.0" version="1.1.0c" date="20161110"/>
+    <problemtype>protocol error</problemtype>
+    <title>ChaCha20/Poly1305 heap-buffer-overflow</title>
     <description>
       TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to
       a DoS attack by corrupting larger payloads. This can result in an OpenSSL
@@ -136,6 +146,8 @@
     <affects base="1.1.0" version="1.1.0a"/>
     <affects base="1.1.0" version="1.1.0b"/>
     <fixed base="1.1.0" version="1.1.0c" date="20161110"/>
+    <problemtype>NULL pointer deference</problemtype>
+    <title>CMS Null dereference</title>
     <description>
       Applications parsing invalid CMS structures can crash with a NULL pointer
       dereference. This is caused by a bug in the handling of the ASN.1 CHOICE
@@ -166,6 +178,8 @@
     <affects base="1.0.2" version="1.0.2j"/>
     <fixed base="1.1.0" version="1.1.0c" date="20161110"/>
     <fixed base="1.0.2" version="1.0.2k" date="20170126"/>
+    <problemtype>carry propagating bug</problemtype>
+    <title>Montgomery multiplication may produce incorrect results</title>
     <description>
       There is a carry propagating bug in the Broadwell-specific Montgomery
       multiplication procedure that handles input lengths divisible by, but
@@ -193,6 +207,7 @@
     <affects base="1.1.0" version="1.1.0a"/>
     <fixed base="1.1.0" version="1.1.0b" date="20160926"/>
 
+    <problemtype>write to free</problemtype>                    
     <description>
       This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016.
 
@@ -212,6 +227,7 @@
     <affects base="1.0.2" version="1.0.2i"/>
     <fixed base="1.0.2" version="1.0.2j" date="20160926"/>
 
+    <problemtype>NULL pointer exception</problemtype>                        
     <description>
       This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016.
 
@@ -260,6 +276,7 @@
     <fixed base="1.0.2" version="1.0.2i" date="20160922"/>
     <fixed base="1.1.0" version="1.1.0a" date="20160922"/>
 
+    <problemtype>memory leak</problemtype>                            
     <description>
       A malicious client can send an excessively large OCSP Status Request extension.
       If that client continually requests renegotiation, sending a large OCSP Status

More information about the openssl-commits mailing list