[openssl-commits] [web] master update

Mark J. Cox mark at openssl.org
Wed Jan 17 14:37:54 UTC 2018

The branch master has been updated
       via  3ce25987564d4a98da666c17dbf6feb70b4e16ed (commit)
      from  18c21788f12170c543d93a72f5e55febe1d9bf20 (commit)

- Log -----------------------------------------------------------------
commit 3ce25987564d4a98da666c17dbf6feb70b4e16ed
Author: Mark J. Cox <mark at awe.com>
Date:   Wed Jan 17 14:36:16 2018 +0000

    Working on conversion of the xml to Mitre JSON; there are a few
    issues that fail validation due to 1) missing affects (fixed)
    and 2) missing references.  Some are still missing references
    as there was no security advisory and I'll link to the commits
    instead over time.


Summary of changes:
 news/vulnerabilities.xml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index c96da20..9e022e4 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -4356,6 +4356,8 @@ large session ID in SSL3.
   <issue public="20020730">
     <cve name="2002-0657"/>
     <advisory url="/news/secadv/20020730.txt"/>
+    <affects base="0.9.7" version="0.9.7-beta3"/>    
+    <fixed base="0.9.7" version="0.9.7" date="20021210"/>    
     <reported source="OpenSSL Group (A.L. Digital)"/>
 A buffer overflow when Kerberos is enabled allowed attackers
@@ -4366,6 +4368,7 @@ flaw did not affect any released version of 0.9.6 or 0.9.7
   <issue public="20020730">
     <cve name="2002-0659"/>
+    <advisory url="/news/secadv/20020730.txt"/>
     <affects base="0.9.6" version="0.9.6a"/>
     <affects base="0.9.6" version="0.9.6b"/>
     <affects base="0.9.6" version="0.9.6c"/>
@@ -4944,7 +4947,8 @@ only when applications are compiled for debugging.
     <cve name="2007-5502"/>
     <advisory url="/news/secadv/20071129.txt"/>
     <reported source="Geoff Lowe"/>
+    <affects base="fips-1.1" version="fips-1.1.1"/>
+    <fixed base="fips-1.1" version="fips-1.1.2" date="20071201"/>
 The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does
 not perform auto-seeding during the FIPS self-test, which generates
@@ -6046,6 +6050,7 @@ server could use this flaw to crash a connecting client.  This issue only affect
   <issue public="20140214">
     <cve name="2014-0076"/>
+    <advisory url="https://www.openssl.org/news/secadv/20140605.txt"/>
     <affects base="0.9.8" version="0.9.8"/>
     <affects base="0.9.8" version="0.9.8a"/>
     <affects base="0.9.8" version="0.9.8b"/>

More information about the openssl-commits mailing list