[openssl-commits] [web] master update
Paul I. Dale
pauli at openssl.org
Sun Oct 28 23:59:00 UTC 2018
The branch master has been updated
via c35854b022239196048f9bbd5418fb77dd4f7ee0 (commit)
from 6e45814cbe2c0d6d40b7b24a7d5f238faafb4bd4 (commit)
- Log -----------------------------------------------------------------
commit c35854b022239196048f9bbd5418fb77dd4f7ee0
Author: Pauli <paul.dale at oracle.com>
Date: Mon Oct 29 09:58:52 2018 +1000
fix vulnerability entry
-----------------------------------------------------------------------
Summary of changes:
news/vulnerabilities.xml | 50 ++++++++++++++++++++++++------------------------
1 file changed, 25 insertions(+), 25 deletions(-)
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index a2a2de0..605f354 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7,7 +7,31 @@
<!-- The updated attribute should be the same as the first public issue,
unless an old entry was updated. -->
-<security updated="20180814">
+<security updated="20181029">
+ <issue public="20181029">
+ <impact severity="Low"/>
+ <cve name="2018-0735"/>
+ <affects base="1.1.1" version="1.1.1"/>
+ <affects base="1.1.0" version="1.1.0"/>
+ <affects base="1.1.0" version="1.1.0a"/>
+ <affects base="1.1.0" version="1.1.0b"/>
+ <affects base="1.1.0" version="1.1.0c"/>
+ <affects base="1.1.0" version="1.1.0d"/>
+ <affects base="1.1.0" version="1.1.0e"/>
+ <affects base="1.1.0" version="1.1.0f"/>
+ <affects base="1.1.0" version="1.1.0g"/>
+ <affects base="1.1.0" version="1.1.0h"/>
+ <affects base="1.1.0" version="1.1.0i"/>
+ <problemtype>Constant time issue</problemtype>
+ <title>Timing attack against ECDSA signature generation</title>
+ <description>
+ The OpenSSL ECDSA signature algorithm has been shown to be
+ vulnerable to a timing side channel attack. An attacker could use
+ variations in the signing algorithm to recover the private key.
+ </description>
+ <advisory url="/news/secadv/20181029.txt"/>
+ <reported source="Samuel Weiser"/>
+ </issue>
<issue public="20180612">
<impact severity="Low"/>
<cve name="2018-0732"/>
@@ -54,30 +78,6 @@
<advisory url="/news/secadv/20180612.txt"/>
<reported source="Guido Vranken"/>
</issue>
- <issue public="20181029">
- <impact severity="Low"/>
- <cve name="2018-0735"/>
- <affects base="1.1.1" version="1.1.1"/>
- <affects base="1.1.0" version="1.1.0"/>
- <affects base="1.1.0" version="1.1.0a"/>
- <affects base="1.1.0" version="1.1.0b"/>
- <affects base="1.1.0" version="1.1.0c"/>
- <affects base="1.1.0" version="1.1.0d"/>
- <affects base="1.1.0" version="1.1.0e"/>
- <affects base="1.1.0" version="1.1.0f"/>
- <affects base="1.1.0" version="1.1.0g"/>
- <affects base="1.1.0" version="1.1.0h"/>
- <affects base="1.1.0" version="1.1.0i"/>
- <problemtype>Constant time issue</problemtype>
- <title>Timing attack against ECDSA signature generation</title>
- <description>
- The OpenSSL ECDSA signature algorithm has been shown to be
- vulnerable to a timing side channel attack. An attacker could use
- variations in the signing algorithm to recover the private key.
- </description>
- <advisory url="/news/secadv/20181029.txt"/>
- <reported source="Samuel Weiser"/>
- </issue>
<issue public="20180416">
<impact severity="Low"/>
<cve name="2018-0737"/>
More information about the openssl-commits
mailing list