[openssl-commits] [web] master update

Mark J. Cox mark at openssl.org
Tue Jan 30 13:00:01 UTC 2018


The branch master has been updated
       via  f7d3fb4dbadf9235d05d806b974b21b5a8f96487 (commit)
      from  d3f697fb1c07f977e377ce636d80be5c59c3dce4 (commit)


- Log -----------------------------------------------------------------
commit f7d3fb4dbadf9235d05d806b974b21b5a8f96487
Author: Mark J. Cox <mark at awe.com>
Date:   Tue Jan 30 12:59:33 2018 +0000

    start adding some git commit links for 1.0.2 vulns (where 1.1.0 doesn't have a link or is a very different patch, for now)

-----------------------------------------------------------------------

Summary of changes:
 news/vulnerabilities.xml | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index ffc2c90..80786e1 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -23,7 +23,9 @@
     <affects base="1.0.2" version="1.0.2k"/>
     <affects base="1.0.2" version="1.0.2l"/>
     <affects base="1.0.2" version="1.0.2m"/>
-    <fixed base="1.0.2" version="1.0.2n" date="20171207"/>
+    <fixed base="1.0.2" version="1.0.2n" date="20171207">
+      <git hash="898fb884b706aaeb283de4812340bb0bde8476dc"/>
+    </fixed>
     <problemtype>Unauthenticated read/unencrypted write</problemtype>
     <title>Read/write after SSL object in error state</title>
     <description>
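Review bot: The `<git hash="…"/>` values added here and in the hunks at -231, -422, -541, -832, -931 and -1124 are hand-entered 40-character ids, and nothing visible in the diff checks that each one resolves to a commit on the 1.0.2 stable branch or belongs to the entry it sits in. On an advisory page, a mistyped or misplaced hash sends people who are backporting a fix to the wrong patch. The site build or a pre-commit check should reject any hash that does not match `[0-9a-f]{40}` or does not resolve in the source repository. If any of these fixes spanned more than one commit, confirm that `<fixed>` may carry several `<git>` children rather than listing only one of them. The entry continues outside the hunk.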
@@ -231,7 +233,9 @@
     <fixed base="1.1.0" version="1.1.0d" date="20170126">
       <git hash="00d965474b22b54e4275232bc71ee0c699c5cd21"/>
     </fixed>
-    <fixed base="1.0.2" version="1.0.2k" date="20170126"/>
+    <fixed base="1.0.2" version="1.0.2k" date="20170126">
+      <git hash="8e20499629b6bcf868d0072c7011e590b5c2294d"/>
+    </fixed>
     <problemtype>out-of-bounds read</problemtype>
     <title>Truncated packet could crash via OOB read</title>
     <description>
@@ -422,8 +426,9 @@
     <impact severity="Moderate"/>
     <cve name="2016-7052"/>
     <affects base="1.0.2" version="1.0.2i"/>
-    <fixed base="1.0.2" version="1.0.2j" date="20160926"/>
-
+    <fixed base="1.0.2" version="1.0.2j" date="20160926">
+      <git hash="8b7c51a0e4a03895a657cf2eb8d5c2aa1ca3586f"/>
+    </fixed>
     <problemtype>NULL pointer exception</problemtype>                        
     <description>
       This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016.
@@ -541,7 +546,9 @@
     <affects base="1.0.2" version="1.0.2g"/>
     <affects base="1.0.2" version="1.0.2h"/>
     <fixed base="1.0.1" version="1.0.1u" date="20160922"/>
-    <fixed base="1.0.2" version="1.0.2i" date="20160922"/>
+    <fixed base="1.0.2" version="1.0.2i" date="20160922">
+      <git hash="1027ad4f34c30b8585592764b9a670ba36888269"/>
+    </fixed>
 
     <description>
       An overflow can occur in MDC2_Update() either if called directly or
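Review bot: The `<fixed base="1.0.1" version="1.0.1u" …/>` sibling stays an empty element in this entry, as do the 1.0.1 siblings in the hunks at -832, -931 and -1124, so each of these entries now links a patch for only one of its two fixed branches. The commit message scopes the change to 1.0.2 for now. Until the 1.0.1 commits are linked, a marker such as `<!-- 1.0.1 fix commit not yet linked -->` beside the empty element would show that the omission is known and that the 1.0.2 hash is not necessarily the patch that went into 1.0.1. Anything that parses this file must also accept `<fixed>` both empty and with a `<git>` child.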
@@ -832,7 +839,9 @@
     <affects base="1.0.2" version="1.0.2g"/>
     <affects base="1.0.2" version="1.0.2h"/>
     <fixed base="1.0.1" version="1.0.1u" date="20160922"/>
-    <fixed base="1.0.2" version="1.0.2i" date="20160922"/>
+    <fixed base="1.0.2" version="1.0.2i" date="20160922">
+      <git hash="26f2c5774f117aea588e8f31fad38bcf14e83bec"/>
+    </fixed>
 
     <description>
       In a DTLS connection where handshake messages are delivered out-of-order those
@@ -931,7 +940,9 @@
     <affects base="1.0.2" version="1.0.2g"/>
     <affects base="1.0.2" version="1.0.2h"/>
     <fixed base="1.0.1" version="1.0.1u" date="20160922"/>
-    <fixed base="1.0.2" version="1.0.2i" date="20160922"/>
+    <fixed base="1.0.2" version="1.0.2i" date="20160922">
+      <git hash="006a788c84e541c8920dd2ad85fb62b52185c519"/>
+    </fixed>
     <description>
       In OpenSSL 1.0.2 and earlier some missing message length checks can result in
       OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical
@@ -1124,7 +1135,9 @@
     <affects base="1.0.2" version="1.0.2f"/>
     <affects base="1.0.2" version="1.0.2g"/>
     <fixed base="1.0.1" version="1.0.1t" date="20160503"/>
-    <fixed base="1.0.2" version="1.0.2h" date="20160503"/>
+    <fixed base="1.0.2" version="1.0.2h" date="20160503">
+      <git hash="68595c0c2886e7942a14f98c17a55a88afb6c292"/>
+    </fixed>
 
     <description>
       A MITM attacker can use a padding oracle attack to decrypt traffic

