thijs at alioth.debian.org
2008-May-14 08:10 UTC
[Secure-testing-commits] r8800 - data/CVE
Author: thijs
Date: 2008-05-14 08:10:00 +0000 (Wed, 14 May 2008)
New Revision: 8800
Modified:
data/CVE/list
Log:
remove etch point update refs for openssl issues rolled into DSA
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-05-13 21:14:14 UTC (rev 8799)
+++ data/CVE/list 2008-05-14 08:10:00 UTC (rev 8800)
@@ -10001,8 +10001,6 @@
CVE-2007-4995 (Off-by-one error in the DTLS implementation in OpenSSL 0.9.8
before ...)
{DSA-1571-1}
- openssl 0.9.8f-1 (low)
- [etch] - openssl <no-dsa> (Will be fixed in a point update)
- TODO: [etch] - openssl 0.9.8c-4etch2
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
- openssl096 <not-affected> (DTLS support was introduced in 0.9.8)
[sarge] - openssl <not-affected> (DTLS support was introduced in 0.9.8)
@@ -14575,10 +14573,8 @@
CVE-2007-3108 (The BN_from_montgomery function in crypto/bn/bn_mont.c in
OpenSSL ...)
{DSA-1571-1}
- openssl 0.9.8e-6 (bug #438142; low)
- TODO: [etch] - openssl 0.9.8c-4etch2
- openssl097 <removed> (bug #438180)
[sarge] - openssl <no-dsa> (Not exploitable in a real-world scenario)
- [etch] - openssl <no-dsa> (Not exploitable in a real-world scenario)
[etch] - openssl097 <no-dsa> (Not exploitable in a real-world scenario)
CVE-2007-3107 (The signal handling in the Linux kernel before 2.6.22, including
...)
- linux-2.6 2.6.22-1 (unimportant)