[openssl-commits] [web] master update
Mark J. Cox
mark at openssl.org
Tue Jan 15 12:06:39 UTC 2019
The branch master has been updated
via 0ef1cccd789aa8434f9ef8e3783df637d506b53f (commit)
via d5d657a5d4ee7aa2602d41cdcc5723b191c43a8b (commit)
from c49be85acdf6d10bfb17d0a5f1cb6405ae25fcaf (commit)
- Log -----------------------------------------------------------------
commit 0ef1cccd789aa8434f9ef8e3783df637d506b53f
Merge: c49be85 d5d657a
Author: Mark J. Cox <markcox at gmail.com>
Date: Tue Jan 15 12:02:31 2019 +0000
Merge pull request #105 from iamamoose/vulns
Add severities that were in the advisories but missing from the vulnerability pages, also found a missing vulnerability
commit d5d657a5d4ee7aa2602d41cdcc5723b191c43a8b
Author: Mark J. Cox <mark at awe.com>
Date: Tue Jan 15 11:37:51 2019 +0000
Add severities that were in the advisories but missing from the
vulnerability pages, also found a missing vulnerability
-----------------------------------------------------------------------
Summary of changes:
news/vulnerabilities.xml | 80 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 2142ade..d9b42bd 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -3629,6 +3629,7 @@ the certificate key is invalid. This function is rarely used in practice.
<issue public="20150108">
<cve name="2015-0206"/>
+ <impact severity="Moderate"/>
<affects base="1.0.0" version="1.0.0"/>
<affects base="1.0.0" version="1.0.0a"/>
<affects base="1.0.0" version="1.0.0b"/>
@@ -3671,6 +3672,7 @@ the certificate key is invalid. This function is rarely used in practice.
<issue public="20141021">
<cve name="2014-3569"/>
+ <impact severity="Low"/>
<affects base="0.9.8" version="0.9.8zc"/>
<affects base="1.0.0" version="1.0.0o"/>
<affects base="1.0.1" version="1.0.1j"/>
@@ -3689,6 +3691,7 @@ the certificate key is invalid. This function is rarely used in practice.
<issue public="20150105">
<cve name="2014-3572"/>
+ <impact severity="Low"/>
<affects base="0.9.8" version="0.9.8"/>
<affects base="0.9.8" version="0.9.8a"/>
<affects base="0.9.8" version="0.9.8b"/>
@@ -3757,8 +3760,79 @@ the certificate key is invalid. This function is rarely used in practice.
<reported source="Karthikeyan Bhargavan of the PROSECCO team at INRIA"/>
</issue>
+ <issue public="20150105">
+ <cve name="2014-3571"/>
+ <impact severity="Moderate"/>
+ <affects base="0.9.8" version="0.9.8"/>
+ <affects base="0.9.8" version="0.9.8a"/>
+ <affects base="0.9.8" version="0.9.8b"/>
+ <affects base="0.9.8" version="0.9.8c"/>
+ <affects base="0.9.8" version="0.9.8d"/>
+ <affects base="0.9.8" version="0.9.8e"/>
+ <affects base="0.9.8" version="0.9.8f"/>
+ <affects base="0.9.8" version="0.9.8g"/>
+ <affects base="0.9.8" version="0.9.8h"/>
+ <affects base="0.9.8" version="0.9.8i"/>
+ <affects base="0.9.8" version="0.9.8j"/>
+ <affects base="0.9.8" version="0.9.8k"/>
+ <affects base="0.9.8" version="0.9.8l"/>
+ <affects base="0.9.8" version="0.9.8m"/>
+ <affects base="0.9.8" version="0.9.8n"/>
+ <affects base="0.9.8" version="0.9.8o"/>
+ <affects base="0.9.8" version="0.9.8p"/>
+ <affects base="0.9.8" version="0.9.8q"/>
+ <affects base="0.9.8" version="0.9.8r"/>
+ <affects base="0.9.8" version="0.9.8s"/>
+ <affects base="0.9.8" version="0.9.8t"/>
+ <affects base="0.9.8" version="0.9.8u"/>
+ <affects base="0.9.8" version="0.9.8v"/>
+ <affects base="0.9.8" version="0.9.8w"/>
+ <affects base="0.9.8" version="0.9.8x"/>
+ <affects base="0.9.8" version="0.9.8y"/>
+ <affects base="0.9.8" version="0.9.8za"/>
+ <affects base="0.9.8" version="0.9.8zb"/>
+ <affects base="0.9.8" version="0.9.8zc"/>
+ <affects base="1.0.0" version="1.0.0"/>
+ <affects base="1.0.0" version="1.0.0a"/>
+ <affects base="1.0.0" version="1.0.0b"/>
+ <affects base="1.0.0" version="1.0.0c"/>
+ <affects base="1.0.0" version="1.0.0d"/>
+ <affects base="1.0.0" version="1.0.0e"/>
+ <affects base="1.0.0" version="1.0.0f"/>
+ <affects base="1.0.0" version="1.0.0g"/>
+ <affects base="1.0.0" version="1.0.0i"/>
+ <affects base="1.0.0" version="1.0.0j"/>
+ <affects base="1.0.0" version="1.0.0k"/>
+ <affects base="1.0.0" version="1.0.0l"/>
+ <affects base="1.0.0" version="1.0.0m"/>
+ <affects base="1.0.0" version="1.0.0n"/>
+ <affects base="1.0.0" version="1.0.0o"/>
+ <affects base="1.0.1" version="1.0.1"/>
+ <affects base="1.0.1" version="1.0.1a"/>
+ <affects base="1.0.1" version="1.0.1b"/>
+ <affects base="1.0.1" version="1.0.1c"/>
+ <affects base="1.0.1" version="1.0.1d"/>
+ <affects base="1.0.1" version="1.0.1e"/>
+ <affects base="1.0.1" version="1.0.1f"/>
+ <affects base="1.0.1" version="1.0.1g"/>
+ <affects base="1.0.1" version="1.0.1h"/>
+ <affects base="1.0.1" version="1.0.1i"/>
+ <affects base="1.0.1" version="1.0.1j"/>
+ <fixed base="1.0.1" version="1.0.1k" date="20150108"/>
+ <fixed base="1.0.0" version="1.0.0p" date="20150108"/>
+ <fixed base="0.9.8" version="0.9.8zd" date="20150108"/>
+
+ <description>
+ A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due
+ to a NULL pointer dereference. This could lead to a Denial Of Service attack.
+ </description>
+ <advisory url="/news/secadv/20150108.txt"/>
+ <reported source="Markus Stenberg of Cisco Systems, Inc"/>
+ </issue>
+
<issue public="20150106">
<cve name="2015-0204"/>
+ <impact severity="Low"/>
<affects base="0.9.8" version="0.9.8"/>
<affects base="0.9.8" version="0.9.8a"/>
<affects base="0.9.8" version="0.9.8b"/>
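Review bot: In the new CVE-2014-3571 entry the 1.0.0 `affects` list goes from `1.0.0g` straight to `1.0.0i`, whereas the 1.0.1 run is contiguous from `1.0.1` to `1.0.1j`. If 1.0.0h was a released version (I believe it was) and is affected, add `<affects base="1.0.0" version="1.0.0h"/>` between them, because anyone matching an installed version against this list would otherwise read 1.0.0h as unaffected. The gap may have been copied from a neighbouring entry, so the other issues from the same advisory are worth checking as well. Separately, the `<impact severity="Low"/>` added for CVE-2015-0204 at the end of the hunk appears to be the original rating, but I recall the project later reclassifying that issue as High in a follow-up advisory; please confirm which rating the page should carry. The CVE-2015-0204 `<issue>` element continues past the end of the hunk.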
@@ -3829,6 +3903,7 @@ the certificate key is invalid. This function is rarely used in practice.
<issue public="20150108">
<cve name="2015-0205"/>
+ <impact severity="Low"/>
<affects base="1.0.0" version="1.0.0"/>
<affects base="1.0.0" version="1.0.0a"/>
<affects base="1.0.0" version="1.0.0b"/>
@@ -3872,6 +3947,7 @@ the certificate key is invalid. This function is rarely used in practice.
<issue public="20150105">
<cve name="2014-8275"/>
+ <impact severity="Low"/>
<affects base="0.9.8" version="0.9.8"/>
<affects base="0.9.8" version="0.9.8a"/>
<affects base="0.9.8" version="0.9.8b"/>
@@ -3951,6 +4027,7 @@ the certificate key is invalid. This function is rarely used in practice.
<issue public="20150108">
<cve name="2014-3570"/>
+ <impact severity="Low"/>
<affects base="0.9.8" version="0.9.8"/>
<affects base="0.9.8" version="0.9.8a"/>
<affects base="0.9.8" version="0.9.8b"/>
@@ -4040,6 +4117,7 @@ the certificate key is invalid. This function is rarely used in practice.
<issue public="20141015">
<cve name="2014-3513"/>
+ <impact severity="High"/>
<affects base="1.0.1" version="1.0.1"/>
<affects base="1.0.1" version="1.0.1a"/>
<affects base="1.0.1" version="1.0.1b"/>
@@ -4066,6 +4144,7 @@ the certificate key is invalid. This function is rarely used in practice.
<issue public="20141015">
<cve name="2014-3567"/>
+ <impact severity="Moderate"/>
<affects base="0.9.8" version="0.9.8g"/>
<affects base="0.9.8" version="0.9.8h"/>
<affects base="0.9.8" version="0.9.8i"/>
@@ -4201,6 +4280,7 @@ the certificate key is invalid. This function is rarely used in practice.
<issue public="20141015">
<cve name="2014-3568"/>
+ <impact severity="Low"/>
<affects base="0.9.8" version="0.9.8"/>
<affects base="0.9.8" version="0.9.8a"/>
<affects base="0.9.8" version="0.9.8b"/>