1
PublicDateAtUSN: 2016-09-21
2
Candidate: CVE-2016-6306
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306
6
https://www.openssl.org/news/secadv/20160922.txt
7
https://usn.ubuntu.com/usn/usn-3087-1
9
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i
10
might allow remote attackers to cause a denial of service (out-of-bounds
11
read) via crafted certificate operations, related to s3_clnt.c and
17
Discovered-by: Shi Lei
21
upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9 (1.0.1)
22
upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=bb1a4866034255749ac578adb06a76335fc117b1 (1.0.1)
23
upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=ff553f837172ecb2b5c8eca257ec3c5619a4b299 (1.0.2)
24
upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=006a788c84e541c8920dd2ad85fb62b52185c519 (1.0.2)
25
upstream_openssl: released (1.0.2i, 1.0.1u)
26
precise_openssl: released (1.0.1-4ubuntu5.37)
27
precise/esm_openssl: released (1.0.1-4ubuntu5.37)
28
trusty_openssl: released (1.0.1f-1ubuntu2.20)
29
vivid/ubuntu-core_openssl: released (1.0.1f-1ubuntu11.7)
30
vivid/stable-phone-overlay_openssl: pending (1.0.1f-1ubuntu11.7)
31
xenial_openssl: released (1.0.2g-1ubuntu4.4)
32
yakkety_openssl: released (1.0.2g-1ubuntu9)
33
zesty_openssl: released (1.0.2g-1ubuntu9)
34
artful_openssl: released (1.0.2g-1ubuntu9)
35
bionic_openssl: released (1.0.2g-1ubuntu9)
36
devel_openssl: released (1.0.2g-1ubuntu9)
39
upstream_openssl098: needs-triage
40
precise_openssl098: ignored (reached end-of-life)
41
precise/esm_openssl098: DNE (precise was needed)
42
trusty_openssl098: needed
43
vivid/ubuntu-core_openssl098: DNE
44
vivid/stable-phone-overlay_openssl098: DNE
45
xenial_openssl098: DNE
46
yakkety_openssl098: DNE
48
artful_openssl098: DNE
49
bionic_openssl098: DNE