[openssl-commits] [web] master update

Mark J. Cox mark at openssl.org
Mon Jan 22 09:29:56 UTC 2018


The branch master has been updated
       via  75d0764d335204555b07725adfacd001ae27b7a0 (commit)
      from  7b59deb727d5f8665b918f3e5185a315a23ae398 (commit)


- Log -----------------------------------------------------------------
commit 75d0764d335204555b07725adfacd001ae27b7a0
Author: Mark J. Cox <mark at awe.com>
Date:   Mon Jan 22 09:28:45 2018 +0000

    Update vulnerability database with references for every CVE, either an
    advisory, link to PR, or git commit link.  Split out the DTLS issues
    from 2009 as the three were not the same (and we can then ensure we
    only have one CVE per entry in this file)

-----------------------------------------------------------------------

Summary of changes:
 news/vulnerabilities.xml | 87 ++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 76 insertions(+), 11 deletions(-)

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 6eed241..27cea1d 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -4381,7 +4381,7 @@ service by sending invalid encodings.
   </issue>
 
   <issue public="20020808">
-    <cve name="2002-1568"/><!-- todo: needs advisory or git hash -->
+    <cve name="2002-1568"/>
     <affects base="0.9.6" version="0.9.6e"/>
     <fixed base="0.9.6" version="0.9.6f" date="20020808"/>
     <description>
@@ -4392,6 +4392,7 @@ OpenSSL to abort from a failed assertion, as demonstrated using SSLv2
 CLIENT_MASTER_KEY messages, which were not properly handled in
 s2_srvr.c.
     </description>
+    <git hash="517a0e7fa0f5453c860a3aec17b678bd55d5aad7"/>
   </issue>
 
   <issue public="20030219">
@@ -4620,7 +4621,7 @@ use Kerberos ciphersuites and will therefore be unaffected.
   </issue>
 
   <issue public="20040930">
-    <cve name="2004-0975"/><!-- todo: needs advisory or git hash -->
+    <cve name="2004-0975"/>
     <affects base="0.9.7" version="0.9.7"/>
     <affects base="0.9.7" version="0.9.7a"/>
     <affects base="0.9.7" version="0.9.7b"/>
@@ -4643,6 +4644,7 @@ use Kerberos ciphersuites and will therefore be unaffected.
     <affects base="0.9.6" version="0.9.6m"/>
     <fixed base="0.9.7" version="0.9.7f" date="20050322"/>
     <fixed base="0.9.6" version="0.9.6-cvs" date="20041114"/>
+    <git hash="5fee606442a6738fd06a756d7076be53b7b7734c"/>
     <!-- der_chop was removed 20041114 -->
 
     <description>
@@ -5085,7 +5087,7 @@ read, for example RSA public keys.
   </issue>
 
   <issue public="20090602">
-    <cve name="2009-1386"/><!-- todo: needs advisory or git hash -->
+    <cve name="2009-1386"/>
     <affects base="0.9.8" version="0.9.8"/>
     <affects base="0.9.8" version="0.9.8a"/>
     <affects base="0.9.8" version="0.9.8b"/>
@@ -5097,6 +5099,7 @@ read, for example RSA public keys.
     <affects base="0.9.8" version="0.9.8h"/>
     <fixed base="0.9.8" version="0.9.8i" date="20080915"/>
     <reported source="Alex Lam"/>
+    <git hash="1cbf663a6c89dcf8f7706d30a8bae675e2e0199a"/>
     <description>
 Fix a NULL pointer dereference if a DTLS server recieved
 ChangeCipherSpec as first record.
@@ -5127,7 +5130,8 @@ Implement RFC5746 to address vulnerabilities in SSL/TLS renegotiation.
   </issue>
 
   <issue public="20090205">
-    <cve name="2009-1387"/><!-- todo: needs advisory or git hash -->
+    <cve name="2009-1387"/>
+    <advisory url="https://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest"/>
     <affects base="0.9.8" version="0.9.8"/>
     <affects base="0.9.8" version="0.9.8a"/>
     <affects base="0.9.8" version="0.9.8b"/>
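Review bot: The new `<advisory url=…>` value for CVE-2009-1387 appears here with bare `&` separators in the query string, which is not well-formed inside an XML attribute; if the committed file really has them, a strict parser will reject the whole vulnerability database, and they should read `?id=1838&amp;user=guest&amp;pass=guest`. The mail archive may have decoded the entities, so confirm against the file itself. The three advisory lines added in the next hunk (CVE-2009-1377, -1378, -1379) have the same form. These references also depend on the RT tracker and its guest login staying reachable, so adding the fix commit as a `<git hash>` element where it is known would keep the entry traceable. The `<issue>` element continues past the end of this hunk.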
@@ -5150,9 +5154,66 @@ remote attacker could use this flaw to cause a DTLS server to crash.
   </issue>
 
   <issue public="20090512">
-    <cve name="2009-1377"/><!-- todo: needs advisory or git hash -->
+    <cve name="2009-1377"/>
+    <advisory url="https://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest"/>    
+    <affects base="0.9.8" version="0.9.8"/>
+    <affects base="0.9.8" version="0.9.8a"/>
+    <affects base="0.9.8" version="0.9.8b"/>
+    <affects base="0.9.8" version="0.9.8c"/>
+    <affects base="0.9.8" version="0.9.8d"/>
+    <affects base="0.9.8" version="0.9.8e"/>
+    <affects base="0.9.8" version="0.9.8f"/>
+    <affects base="0.9.8" version="0.9.8g"/>
+    <affects base="0.9.8" version="0.9.8h"/>
+    <affects base="0.9.8" version="0.9.8i"/>
+    <affects base="0.9.8" version="0.9.8j"/>
+    <affects base="0.9.8" version="0.9.8k"/>
+    <affects base="0.9.8" version="0.9.8l"/>
+    <fixed base="0.9.8" version="0.9.8m" date="20100120"/>
+    <reported source="Daniel Mentz, Robin Seggelmann"/>
+    <description>
+Fix a denial of service flaw in the DTLS implementation.  
+Records are buffered if they arrive with a future epoch to be  
+processed after finishing the corresponding handshake. There is  
+currently no limitation to this buffer allowing an attacker to perform  
+a DOS attack to a DTLS server by sending records with future epochs until there is no  
+memory left.
+    </description>
+    <git hash="88b48dc68024dcc437da4296c9fb04419b0ccbe1"/>
+  </issue>
+
+    <issue public="20090512">
     <cve name="2009-1378"/>
+    <advisory url="https://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest"/>    
+    <affects base="0.9.8" version="0.9.8"/>
+    <affects base="0.9.8" version="0.9.8a"/>
+    <affects base="0.9.8" version="0.9.8b"/>
+    <affects base="0.9.8" version="0.9.8c"/>
+    <affects base="0.9.8" version="0.9.8d"/>
+    <affects base="0.9.8" version="0.9.8e"/>
+    <affects base="0.9.8" version="0.9.8f"/>
+    <affects base="0.9.8" version="0.9.8g"/>
+    <affects base="0.9.8" version="0.9.8h"/>
+    <affects base="0.9.8" version="0.9.8i"/>
+    <affects base="0.9.8" version="0.9.8j"/>
+    <affects base="0.9.8" version="0.9.8k"/>
+    <affects base="0.9.8" version="0.9.8l"/>
+    <fixed base="0.9.8" version="0.9.8m" date="20100120"/>
+    <reported source="Daniel Mentz, Robin Seggelmann"/>
+    <git hash="abda7c114791fa7fe95672ec7a66fc4733c40dbc"/>
+    <description>
+      Fix a denial of service flaw in the DTLS implementation.
+In dtls1_process_out_of_seq_message() the check if the current message 
+is already buffered was missing. For every new message was memory 
+allocated, allowing an attacker to perform an denial of service attack 
+against a DTLS server by sending out of seq handshake messages until there is no memory 
+left.
+    </description>
+  </issue>
+
+  <issue public="20090512">
     <cve name="2009-1379"/>
+    <advisory url="https://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest"/>        
     <affects base="0.9.8" version="0.9.8"/>
     <affects base="0.9.8" version="0.9.8a"/>
     <affects base="0.9.8" version="0.9.8b"/>
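Review bot: The two new descriptions are pasted from the bug reports in present tense, so the CVE-2009-1377 entry says `There is currently no limitation to this buffer` and reads as if the flaw were still open; in a vulnerability database that should be past tense, e.g. `There was no limit on this buffer, allowing an attacker to exhaust memory on a DTLS server by sending records with future epochs.` The CVE-2009-1378 text has the same problem in `For every new message was memory allocated` and `an denial of service attack`. On layout, the `<issue public="20090512">` opening the CVE-2009-1378 entry is indented four spaces instead of two, several added lines carry trailing whitespace, and `<git>` follows `</description>` in one entry but precedes `<description>` in the other. The CVE-2009-1379 entry that starts at the end of this hunk continues in the next one.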
@@ -5168,15 +5229,16 @@ remote attacker could use this flaw to cause a DTLS server to crash.
     <affects base="0.9.8" version="0.9.8l"/>
     <fixed base="0.9.8" version="0.9.8m" date="20100120"/>
     <reported source="Daniel Mentz, Robin Seggelmann"/>
+    <git hash="561cbe567846a376153bea7f1f2d061e78029c2d"/>
     <description>
-Fix denial of service flaws in the DTLS implementation.  A
-remote attacker could use these flaws to cause a DTLS server to use
-excessive amounts of memory, or crash.
+      Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment
+      function could cause a client accessing a malicious DTLS server to
+      crash.
     </description>
   </issue>
 
   <issue public="20100113">
-    <cve name="2009-4355"/><!-- todo: needs advisory or git hash -->
+    <cve name="2009-4355"/>
     <affects base="0.9.8" version="0.9.8"/>
     <affects base="0.9.8" version="0.9.8a"/>
     <affects base="0.9.8" version="0.9.8b"/>
@@ -5191,6 +5253,7 @@ excessive amounts of memory, or crash.
     <affects base="0.9.8" version="0.9.8k"/>
     <affects base="0.9.8" version="0.9.8l"/>
     <fixed base="0.9.8" version="0.9.8m" date="20100120"/>
+    <git hash="1b31b5ad560b16e2fe1cad54a755e3e6b5e778a3"/>
     <reported source="Michael K Johnson and Andy Grimm (rPath)"/>
     <description>
 A memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c
@@ -5201,7 +5264,7 @@ function.
   </issue>
 
   <issue public="20100223">
-    <cve name="2009-3245"/><!-- todo: needs advisory or git hash -->
+    <cve name="2009-3245"/>
     <affects base="0.9.8" version="0.9.8"/>
     <affects base="0.9.8" version="0.9.8a"/>
     <affects base="0.9.8" version="0.9.8b"/>
@@ -5216,6 +5279,7 @@ function.
     <affects base="0.9.8" version="0.9.8k"/>
     <affects base="0.9.8" version="0.9.8l"/>
     <fixed base="0.9.8" version="0.9.8m" date="20100120"/>
+    <git hash="7e4cae1d2f555cbe9226b377aff4b56c9f7ddd4d"/>
     <reported source="Martin Olsson, Neel Mehta"/>
     <description>
 It was discovered that OpenSSL did not always check the return value of the
@@ -5226,7 +5290,7 @@ or, possibly, execute arbitrary code
   </issue>
 
   <issue public="20100119">
-    <cve name="2010-0433"/><!-- todo: needs advisory or git hash -->
+    <cve name="2010-0433"/>
     <affects base="0.9.8" version="0.9.8"/>
     <affects base="0.9.8" version="0.9.8a"/>
     <affects base="0.9.8" version="0.9.8b"/>
@@ -5242,6 +5306,7 @@ or, possibly, execute arbitrary code
     <affects base="0.9.8" version="0.9.8l"/>
     <affects base="0.9.8" version="0.9.8m"/>
     <fixed base="0.9.8" version="0.9.8n" date="20100324"/>
+    <git hash="cca1cd9a3447dd067503e4a85ebd1679ee78a48e"/>
     <reported source="Todd Rinaldo, Tomas Hoger (Red Hat)"/>
     <description>
 A missing return value check flaw was discovered in OpenSSL, that could

