Use HTTPS transport for www.openwall.com/lists/oss-security URLs

author: Salvatore Bonaccorso <carnil@debian.org> 2020-08-24 16:17:56 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-08-24 16:17:56 +0200
commit: cfa07fd63fbd44ca02a75eea22c4af64fc91ea00 (patch)
tree: 9fe58f41585cba5f744d66cb7bb5f75612504923
parent: b68fc0233f80c307d2cadab9ac883641eb8095b2 (diff)
13 files changed, 1323 insertions, 1323 deletions
diff --git a/data/CVE/list.2002 b/data/CVE/list.2002
index e21a6e8f7d..3bffd33c93 100644
--- a/data/CVE/list.2002
+++ b/data/CVE/list.2002
@@ -8,7 +8,7 @@ CVE-2002-2483
 	- linux-2.6 2.4.20
 CVE-2002-2444 (Snoopy before 2.0.0 has a security hole in exec cURL ...)
 	- libphp-snoopy <not-affected> (affected version never was in the repo)
-	NOTE: http://www.openwall.com/lists/oss-security/2014/07/18/2
+	NOTE: https://www.openwall.com/lists/oss-security/2014/07/18/2
 	NOTE: http://sourceforge.net/p/snoopy/bugs/13/
 CVE-2002-2443 (schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) ...)
 	{DSA-2701-1}
diff --git a/data/CVE/list.2008 b/data/CVE/list.2008
index 28e662bfe3..06939defd3 100644
--- a/data/CVE/list.2008
+++ b/data/CVE/list.2008
@@ -25,7 +25,7 @@ CVE-2008-7315 (UI-Dialog 1.09 and earlier allows remote attackers to execute arb
 	[wheezy] - libui-dialog-perl <no-dsa> (Minor issue)
 	[squeeze] - libui-dialog-perl <no-dsa> (Minor issue)
 	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=107364
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/08/2
 CVE-2008-7314 (mIRC before 6.35 allows attackers to cause a denial of service (crash) ...)
 	NOT-FOR-US: mIRC
 CVE-2008-7313 (The _httpsrequest function in Snoopy allows remote attackers to execut ...)
@@ -9698,7 +9698,7 @@ CVE-2008-XXXX [libetpan NULL deref]
 CVE-2008-XXXX [XSS in press-this of wordpress]
 	- wordpress <not-affected> (Vulnerable code not present)
 	NOTE: this code was never present in a released wordpress version
-	NOTE: http://www.openwall.com/lists/oss-security/2008/07/15/5
+	NOTE: https://www.openwall.com/lists/oss-security/2008/07/15/5
 CVE-2008-3224 (Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and ...)
 	- phpbb3 3.0.2-1 (low)
 	- phpbb2 <not-affected> (Vulnerable code not present)
@@ -10931,7 +10931,7 @@ CVE-2008-2713 (libclamav/petite.c in ClamAV before 0.93.1 allows remote attacker
 CVE-2008-2711 (fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, ...)
 	- fetchmail 6.3.9~rc2-1 (unimportant)
 	[etch] - fetchmail 6.3.6-1etch3
-	NOTE: http://www.openwall.com/lists/oss-security/2008/06/13/1
+	NOTE: https://www.openwall.com/lists/oss-security/2008/06/13/1
 	NOTE: -vv is only used for debugging purposes so this does not
 	NOTE: prevent a victim from getting mails. -vv is not used in non-interactive
 	NOTE: use.
@@ -11617,7 +11617,7 @@ CVE-2008-2376 (Integer overflow in the rb_ary_fill function in array.c in Ruby b
 	{DSA-1618-1 DSA-1612-1}
 	- ruby1.9 1.9.0.2-2
 	- ruby1.8 1.8.7.22-2
-	NOTE: http://www.openwall.com/lists/oss-security/2008/07/02/3
+	NOTE: https://www.openwall.com/lists/oss-security/2008/07/02/3
 CVE-2008-2375 (Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on  ...)
 	- vsftpd <not-affected> (debian versions all include the fix)
 CVE-2008-2374 (src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.3 ...)
@@ -15304,7 +15304,7 @@ CVE-2008-0983 (lighttpd 1.4.18, and possibly other versions before 1.5.0, does n
 	- lighttpd 1.4.18-2 (medium; bug #466663)
 CVE-2008-0883 (acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite ...)
 	NOT-FOR-US: Adobe Acrobat Reader
-	NOTE: http://www.openwall.com/lists/oss-security/2008/02/21/5
+	NOTE: https://www.openwall.com/lists/oss-security/2008/02/21/5
 CVE-2008-0803 (Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan M ...)
 	NOT-FOR-US: LookStrike Lan Manager
 CVE-2008-0802 (SQL injection vulnerability in index.php in the MediaSlide (com_medias ...)
diff --git a/data/CVE/list.2009 b/data/CVE/list.2009
index 0a315da66c..a6e7d452fe 100644
--- a/data/CVE/list.2009
+++ b/data/CVE/list.2009
@@ -295,8 +295,8 @@ CVE-2009-5031 (ModSecurity before 2.5.11 treats request parameter values contain
 	- modsecurity-apache <not-affected> (Fixed before initial upload)
 	- libapache-mod-security 2.5.12-1
 	NOTE: https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366
-	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/06/22/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/06/22/2
 CVE-2009-5030 (The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allo ...)
 	{DSA-2629-1}
 	- openjpeg 1.3+dfsg-4.1 (medium; bug #672455)
@@ -3974,7 +3974,7 @@ CVE-2009-3613 (The swiotlb functionality in the r8169 driver in drivers/net/r816
 	{DSA-1928-1 DSA-1915-1}
 	- linux-2.6 2.6.29-1 (medium)
 	- linux-2.6.24 <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2009/10/15/4
+	NOTE: https://www.openwall.com/lists/oss-security/2009/10/15/4
 CVE-2009-3612 (The tcf_fill_node function in net/sched/cls_api.c in the netlink subsy ...)
 	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
 	- linux-2.6 2.6.31-2 (low)
@@ -7637,7 +7637,7 @@ CVE-2009-2266 (OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote att
 CVE-2009-2281 (Multiple heap-based buffer underflows in the readPostBody function in  ...)
 	{DSA-1914-1}
 	- mapserver 5.4.2-1 (medium; bug #535340)
-	NOTE: http://www.openwall.com/lists/oss-security/2009/06/22/2
+	NOTE: https://www.openwall.com/lists/oss-security/2009/06/22/2
 CVE-2009-2265 (Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4 ...)
 	{DSA-1836-1}
 	- fckeditor 1:2.6.4.1-1 (medium; bug #536051)
diff --git a/data/CVE/list.2010 b/data/CVE/list.2010
index 5a5d7fc848..e5f495442f 100644
--- a/data/CVE/list.2010
+++ b/data/CVE/list.2010
@@ -48,7 +48,7 @@ CVE-2010-5322 (Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earl
 	NOT-FOR-US: ZeusCart
 CVE-2010-XXXX [crash when parsing overly long links]
 	- lynx-cur 2.8.8dev.4-1
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/07/2
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/02/07/2
 CVE-2010-5321 (Memory leak in drivers/media/video/videobuf-core.c in the videobuf sub ...)
 	- linux <unfixed> (unimportant; bug #827340)
 	- linux-2.6 <removed> (unimportant)
@@ -4325,8 +4325,8 @@ CVE-2010-3674 (TYPO3 before 4.4.1 allows XSS in the frontend search box. ...)
 CVE-2010-XXXX [piwigo]
 	- piwigo 2.1.2-2
 	NOTE: http://www.exploit-db.com/exploits/14973/
-	NOTE: First unfilled CVE-request http://www.openwall.com/lists/oss-security/2010/12/07/1
-	NOTE: Second CVE-request http://www.openwall.com/lists/oss-security/2012/10/06/3
+	NOTE: First unfilled CVE-request https://www.openwall.com/lists/oss-security/2010/12/07/1
+	NOTE: Second CVE-request https://www.openwall.com/lists/oss-security/2012/10/06/3
 CVE-2010-3608 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote atta ...)
 	NOT-FOR-US: wpQuiz
 CVE-2010-3607 (Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt ...)
@@ -8690,7 +8690,7 @@ CVE-2010-1870 (The OGNL extensive expression evaluation capability in XWork in S
 CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript 8.70 ...)
 	{DSA-2080-1}
 	- ghostscript 8.71~dfsg-4
-	NOTE: http://www.openwall.com/lists/oss-security/2010/05/11/3
+	NOTE: https://www.openwall.com/lists/oss-security/2010/05/11/3
 CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ex ...)
 	- php5 <removed> (unimportant)
 CVE-2010-1867 (SQL injection vulnerability in the ArticleAttachment::GetAttachmentsBy ...)
@@ -11559,7 +11559,7 @@ CVE-2010-2450 (The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/
 CVE-2010-1192 (libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0'  ...)
 	- libesmtp 1.0.4-5 (bug #572960)
 	[lenny] - libesmtp <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6
+	NOTE: https://www.openwall.com/lists/oss-security/2010/03/03/6
 CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server ...)
 	NOT-FOR-US: VMware Server
 CVE-2010-XXXX [argyll unsafe udev rules]
@@ -11787,7 +11787,7 @@ CVE-2010-0735
 CVE-2010-0734 (content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enab ...)
 	{DSA-2023-1}
 	- curl 7.20.0-1 (low)
-	NOTE: http://www.openwall.com/lists/oss-security/2010/03/16/11
+	NOTE: https://www.openwall.com/lists/oss-security/2010/03/16/11
 	NOTE: depends on the application that uses libcurl
 CVE-2010-0733 (Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4. ...)
 	- postgresql-8.4 8.4.2-1
@@ -11795,7 +11795,7 @@ CVE-2010-0732 (gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensav
 	- gtk+2.0 2.18.5-1
 	[lenny] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
 	[etch] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
-	NOTE: http://www.openwall.com/lists/oss-security/2010/02/12/1
+	NOTE: https://www.openwall.com/lists/oss-security/2010/02/12/1
 CVE-2010-0731 (The gnutls_x509_crt_get_serial function in the GnuTLS library before 1 ...)
 	- gnutls26 <not-affected> (Fixed before initial release)
 	- gnutls13 1.2.1-1
@@ -12513,7 +12513,7 @@ CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache H
 	- apache2 2.2.15-1
 CVE-2010-0433 (The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before  ...)
 	- openssl <not-affected> (Kerberos support not enabled)
-	NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/5
+	NOTE: https://www.openwall.com/lists/oss-security/2010/03/03/5
 CVE-2010-0432 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open ...)
 	NOT-FOR-US: Apache Open For Business Project (OFBiz)
 CVE-2010-0431 (QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat E ...)
@@ -12528,11 +12528,11 @@ CVE-2010-0428 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervi
 CVE-2010-0427 (sudo 1.6.x before 1.6.9p21, when the runas_default option is used, doe ...)
 	{DSA-2006-1}
 	- sudo 1.7.0-1
-	NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
+	NOTE: https://www.openwall.com/lists/oss-security/2010/02/23/4
 CVE-2010-0426 (sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-com ...)
 	{DSA-2006-1}
 	- sudo 1.7.2p1-1.2 (bug #570737)
-	NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
+	NOTE: https://www.openwall.com/lists/oss-security/2010/02/23/4
 CVE-2010-0425 (modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server  ...)
 	- apache2 <not-affected> (Windows only)
 CVE-2010-0424 (The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2)  ...)
diff --git a/data/CVE/list.2011 b/data/CVE/list.2011
index a92ecf2a33..f1cd3653b7 100644
--- a/data/CVE/list.2011
+++ b/data/CVE/list.2011
@@ -13,7 +13,7 @@ CVE-2011-5326 (imlib2 before 1.4.9 allows remote attackers to cause a denial of
 	{DSA-3555-1}
 	- imlib2 1.4.8-1 (bug #639414)
 	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/10/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/10/5
 CVE-2011-5325 (Directory traversal vulnerability in the BusyBox implementation of tar ...)
 	{DLA-1445-1}
 	- busybox 1:1.27.2-1 (bug #802702)
@@ -44,7 +44,7 @@ CVE-2011-5320 (scanf and related functions in glibc before 2.15 allow local user
 	NOTE: 2.15 ist the first version recieving the fix, mark with upstream version which should
 	NOTE: be handled correctly then by the tracker.
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=13138
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/26/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/26/2
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0
 	NOTE: CVE assigned specific to the https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4 issue
 CVE-2011-5318 (Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.C ...)
@@ -156,7 +156,7 @@ CVE-2011-5268 (connection.c in Bip before 0.8.9 does not properly close sockets,
 	- bip 0.8.9-1
 	[squeeze] - bip <no-dsa> (Minor issue)
 	[wheezy] - bip <no-dsa> (Minor issue)
-	NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: http://www.openwall.com/lists/oss-security/2014/01/02/9
+	NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: https://www.openwall.com/lists/oss-security/2014/01/02/9
 CVE-2011-5267 (Multiple cross-site scripting (XSS) vulnerabilities in spell-check-sav ...)
 	NOT-FOR-US: SpellChecker module in Xinha
 CVE-2011-5266 (Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2 ...)
@@ -892,7 +892,7 @@ CVE-2011-4940 (The list_directory function in Lib/SimpleHTTPServer.py in SimpleH
 	- python2.7 2.7.2-8 (unimportant)
 	- python2.6 <unfixed> (unimportant; bug #664135)
 	- python2.5 <removed> (unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/11
+	NOTE: https://www.openwall.com/lists/oss-security/2012/03/14/11
 	NOTE: This only affects IE7, which is inherently insecure anyway
 CVE-2011-4939 (The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin befor ...)
 	- pidgin 2.10.2-1 (bug #664028)
@@ -2819,7 +2819,7 @@ CVE-2011-4113 (SQL injection vulnerability in the Views module before 6.x-2.13 f
 	- drupal6-mod-views 2.14-1
 CVE-2011-4112 (The net subsystem in the Linux kernel before 3.1 does not properly res ...)
 	- linux-2.6 3.1-1 (unimportant)
-	NOTE: Turned out to be a non-issue, http://www.openwall.com/lists/oss-security/2011/11/24/3
+	NOTE: Turned out to be a non-issue, https://www.openwall.com/lists/oss-security/2011/11/24/3
 CVE-2011-4111 (Buffer overflow in the ccid_card_vscard_handle_message function in hw/ ...)
 	- qemu 0.15.1+dfsg-2
 	[lenny] - qemu <not-affected> (Vulnerable CCID code not present)
@@ -4992,15 +4992,15 @@ CVE-2011-3344 (Cross-site scripting (XSS) vulnerability in the Lookup Login/Pass
 CVE-2011-3343 (Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to ...)
 	{DSA-2386-1}
 	- openttd 1.1.3-1
-	NOTE: http://www.openwall.com/lists/oss-security/2011/09/02/4
+	NOTE: https://www.openwall.com/lists/oss-security/2011/09/02/4
 CVE-2011-3342 (Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attacke ...)
 	{DSA-2386-1}
 	- openttd 1.1.3-1
-	NOTE: http://www.openwall.com/lists/oss-security/2011/09/02/4
+	NOTE: https://www.openwall.com/lists/oss-security/2011/09/02/4
 CVE-2011-3341 (Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 al ...)
 	{DSA-2386-1}
 	- openttd 1.1.3-1
-	NOTE: http://www.openwall.com/lists/oss-security/2011/09/02/4
+	NOTE: https://www.openwall.com/lists/oss-security/2011/09/02/4
 CVE-2011-3340 (SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remo ...)
 	NOT-FOR-US: ATCOM Netvolution
 CVE-2011-3339 (Cross-site scripting (XSS) vulnerability in the Admin Control Center i ...)
@@ -9349,7 +9349,7 @@ CVE-2011-1775 (The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.
 	NOTE: https://github.com/TigerVNC/tigervnc/commit/ce6c8b097f0d5b161039dc8c8208aff078d433ff
 CVE-2011-1774 (WebKit in Apple Safari before 5.0.6 has improper libxslt security sett ...)
 	NOTE: CVE-2011-1774 is about webkit's interface to xmlsec, CVE-2011-1425 is the actual issue
-	NOTE: http://www.openwall.com/lists/oss-security/2011/05/09/4
+	NOTE: https://www.openwall.com/lists/oss-security/2011/05/09/4
 CVE-2011-1773 (virt-v2v before 0.8.4 does not preserve the VNC console password when  ...)
 	NOT-FOR-US: virt-v2v
 CVE-2011-1772 (Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache ...)
diff --git a/data/CVE/list.2012 b/data/CVE/list.2012
index 2a753a17db..373c688e5b 100644
--- a/data/CVE/list.2012
+++ b/data/CVE/list.2012
@@ -61,7 +61,7 @@ CVE-2012-6706 (A VMSF_DELTA memory corruption was discovered in unrar before 5.5
 	- libclamunrar 0.99-4 (bug #867223)
 	[stretch] - libclamunrar 0.99-3+deb9u1
 	[jessie] - libclamunrar 0.99-0+deb8u3
-	NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/9
+	NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/9
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6
 	NOTE: https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd
 CVE-2012-6705 (Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Stat ...)
@@ -118,12 +118,12 @@ CVE-2012-6696 (inspircd in Debian before 2.0.7 does not properly handle unsigned
 	{DSA-3226-1 DLA-276-1}
 	- inspircd 2.0.16-1 (bug #780880)
 	NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/29/5
 CVE-2012-6697 (InspIRCd before 2.0.7 allows remote attackers to cause a denial of ser ...)
 	{DSA-3226-1 DLA-276-1}
 	- inspircd 2.0.16-1 (bug #780880)
 	NOTE: https://github.com/inspircd/inspircd/commit/58c893e834ff20495d007709220881a3ff13f423
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/29/5
 CVE-2012-6690
 	RESERVED
 CVE-2012-6688
@@ -134,7 +134,7 @@ CVE-2012-6689 (The netlink_sendmsg function in net/netlink/af_netlink.c in the L
 	[wheezy] - linux 3.2.30-1
 	- linux-2.6 <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=848949
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/13
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/13
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef (v3.6-rc5)
 CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause  ...)
 	{DLA-431-1 DLA-430-1}
@@ -143,7 +143,7 @@ CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to c
 	- libfcgi-perl 0.78-2 (bug #815840)
 	[jessie] - libfcgi-perl 0.77-1+deb8u1
 	[wheezy] - libfcgi-perl <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/4
 CVE-2012-XXXX [Insufficient validation of USB device descriptors]
 	- oss4 4.2-build2010-2 (bug #775662)
 	[wheezy] - oss4 <no-dsa> (Minor issue)
@@ -1050,7 +1050,7 @@ CVE-2012-6303 (Heap-based buffer overflow in the GetWavHeader function in generi
 	[squeeze] - snack 2.2.10-dfsg1-9+squeeze1
 	- wavesurfer <not-affected> (originally reported in wavesurfer, but actually a bug in libsnack, see bug #695615)
 	NOTE: http://secunia.com/advisories/49889/
-	NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/12/10/2
 CVE-2012-6302 (Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soap ...)
 	NOT-FOR-US: Soapbox
 CVE-2012-6301 (The Browser application in Android 4.0.3 allows remote attackers to ca ...)
@@ -1508,7 +1508,7 @@ CVE-2012-6111 (gnome-keyring does not discard stored secrets when using gnome_ke
 	- gnome-keyring 3.8.2-1 (low; bug #697896)
 	[squeeze] - gnome-keyring <no-dsa> (Minor issue)
 	[wheezy] - gnome-keyring <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/01/11/5
+	NOTE: https://www.openwall.com/lists/oss-security/2013/01/11/5
 CVE-2012-6109 (lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x  ...)
 	- ruby-rack 1.4.1-2.1 (bug #698440)
 	- librack-ruby <removed>
@@ -1607,8 +1607,8 @@ CVE-2012-6084 (modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybd
 	{DSA-2612-1}
 	- charybdis 3.3.0-7.1 (bug #697092)
 	- ircd-ratbox 3.0.7.dfsg-3 (bug #697093)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/1
-	NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/2
+	NOTE: https://www.openwall.com/lists/oss-security/2013/01/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2013/01/01/2
 CVE-2012-6083 (Freeciv before 2.3.3 allows remote attackers to cause a denial of serv ...)
 	- freeciv 2.3.4-1 (low; bug #696306)
 	[squeeze] - freeciv <no-dsa> (Minor issue)
@@ -1630,13 +1630,13 @@ CVE-2012-6080 (Directory traversal vulnerability in the _do_attachment_move func
 	NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
 CVE-2012-6079 (W3 Total Cache before 0.9.2.5 exposes sensitive cached database inform ...)
 	NOT-FOR-US: W3 Total Cache
-	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
+	NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/3
 CVE-2012-6078 (W3 Total Cache before 0.9.2.5 generates hash keys insecurely which all ...)
 	NOT-FOR-US: W3 Total Cache
-	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
+	NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/3
 CVE-2012-6077 (W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve pass ...)
 	NOT-FOR-US: W3 Total Cache
-	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
+	NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/3
 CVE-2012-6076 (Inkscape before 0.48.4 reads .eps files from /tmp instead of the curre ...)
 	- inkscape 0.48.3.1-1.3 (low; bug #654341)
 	[squeeze] - inkscape <no-dsa> (Minor issue)
@@ -1647,20 +1647,20 @@ CVE-2012-6075 (Buffer overflow in the e1000_receive function in the e1000 device
 	- qemu-kvm 1.1.2+dfsg-4 (bug #696051)
 	- xen 4.1.3-8
 	[squeeze] - xen <not-affected> (In Squeeze the code is in the package xen-qemu-dm-4.0)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/1
 CVE-2012-6074 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenk ...)
 	- jenkins 1.447.2+dfsg-3 (bug #696816)
 	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
-	NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/12/28/1
 CVE-2012-6073 (Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS befor ...)
 	- jenkins 1.447.2+dfsg-3 (bug #696816)
 	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
-	NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/12/28/1
 CVE-2012-6072 (CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS befo ...)
 	- jenkins 1.447.2+dfsg-3 (bug #696816)
 	- jenkins-winstone 0.9.10-jenkins-37+dfsg-2 (bug #696974)
 	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
-	NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/12/28/1
 CVE-2012-6071 (nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. ...)
 	- nusoap 0.7.3-5 (low; bug #696707)
 	[squeeze] - nusoap <no-dsa> (Minor issue)
@@ -2637,7 +2637,7 @@ CVE-2012-5667 (Multiple integer overflows in GNU Grep before 2.11 might allow co
 	[squeeze] - grep 2.6.3-3+squeeze1
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
 	NOTE: patch http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
-	NOTE: http://www.openwall.com/lists/oss-security/2012/12/22/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/12/22/1
 CVE-2012-5666 (Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js  ...)
 	- owncloud 4.0.8debian-1.3 (bug #696574)
 	[wheezy] - owncloud 4.0.4debian2-3.2
@@ -2648,7 +2648,7 @@ CVE-2012-5664
 	REJECTED
 CVE-2012-5663 (The isearch package (textproc/isearch) before 1.47.01nb1 uses the temp ...)
 	NOT-FOR-US: Isearch
-	NOTE: http://www.openwall.com/lists/oss-security/2012/12/21/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/12/21/1
 CVE-2012-5662 (x3270 before 3.3.12ga12 does not verify that the server hostname match ...)
 	- ibm-3270 3.3.14ga11-1 (bug #706547)
 	[wheezy] - ibm-3270 <no-dsa> (Non-free not supported)
@@ -2664,7 +2664,7 @@ CVE-2012-5658 (rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug
 CVE-2012-5657 (The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Z ...)
 	{DSA-2602-1}
 	- zendframework 1.11.13-1.1 (bug #696483)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/12/20/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/12/20/2
 	NOTE: http://framework.zend.com/security/advisory/ZF2012-05
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=889037
 	NOTE: http://secunia.com/advisories/51583
@@ -2791,7 +2791,7 @@ CVE-2012-5618 (Ushahidi before 2.6.1 has insufficient entropy for forgot-passwor
 CVE-2012-5617 (gksu-polkit: permissive PolicyKit policy configuration file allows pri ...)
 	- gksu-polkit <removed> (bug #695807)
 	[squeeze] - gksu-polkit <end-of-life> (Unsupported in squeeze-lts)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/12/12/8
+	NOTE: https://www.openwall.com/lists/oss-security/2012/12/12/8
 CVE-2012-5616 (Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly  ...)
 	NOT-FOR-US: CloudStack
 CVE-2012-5615 (Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.2 ...)
@@ -2810,7 +2810,7 @@ CVE-2012-5614 (Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and Maria
 	[squeeze] - mysql-5.1 5.1.73-1
 	NOTE: https://mariadb.atlassian.net/browse/MDEV-3910
 	NOTE: http://seclists.org/fulldisclosure/2012/Dec/7
-	NOTE: http://www.openwall.com/lists/oss-security/2013/02/28/10
+	NOTE: https://www.openwall.com/lists/oss-security/2013/02/28/10
 CVE-2012-5613
 	- mysql-5.1 <unfixed> (unimportant; bug #695001)
 	- mysql-5.5 <removed> (unimportant; bug #695001)
@@ -2828,23 +2828,23 @@ CVE-2012-5611 (Stack-based buffer overflow in the acl_get function in Oracle MyS
 CVE-2012-5610 (Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud b ...)
 	- owncloud 4.0.8debian-1.1 (bug #693990)
 	[wheezy] - owncloud 4.0.4debian2-3.1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
 CVE-2012-5609 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud befo ...)
 	- owncloud 4.0.8debian-1.1 (bug #693990)
 	[wheezy] - owncloud 4.0.4debian2-3.1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
 CVE-2012-5608 (Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/setti ...)
 	- owncloud 4.0.8debian-1.1 (bug #693990)
 	[wheezy] - owncloud 4.0.4debian2-3.1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
 CVE-2012-5607 (The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4 ...)
 	- owncloud 4.0.8debian-1.1 (bug #693990)
 	[wheezy] - owncloud 4.0.4debian2-3.1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
 CVE-2012-5606 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
 	- owncloud 4.0.8debian-1.1 (bug #693990)
 	[wheezy] - owncloud 4.0.4debian2-3.1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
 CVE-2012-5605 (Grinder in Red Hat CloudForms before 1.1 uses world-writable permissio ...)
 	NOT-FOR-US: Red Hat CloudForms
 CVE-2012-5604 (The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when u ...)
@@ -2902,7 +2902,7 @@ CVE-2012-5581 (Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2
 	{DSA-2589-1}
 	- tiff 4.0.2-1 (bug #694693)
 	- tiff3 3.9.6-10
-	NOTE: http://www.openwall.com/lists/oss-security/2012/11/28/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/11/28/1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=867235
 CVE-2012-5580 (Format string vulnerability in the print_proxies function in bin/proxy ...)
 	- libproxy 0.3.1-4 (low)
@@ -2924,7 +2924,7 @@ CVE-2012-5576 (Multiple stack-based buffer overflows in file-xwd.c in the X Wind
 	[squeeze] - gimp 2.6.10-1+squeeze4
 	NOTE: Upstream fix http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=687392
-	NOTE: http://www.openwall.com/lists/oss-security/2012/11/21/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/11/21/2
 CVE-2012-5575 (Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x befo ...)
 	NOT-FOR-US: Apache CXF
 CVE-2012-5574 (lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote a ...)
@@ -4792,12 +4792,12 @@ CVE-2012-4754 (Multiple untrusted search path vulnerabilities in MindManager 201
 CVE-2012-4410
 	REJECTED
 CVE-2012-4753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
+	NOTE: https://www.openwall.com/lists/oss-security/2012/09/05/17
 	NOTE: False assignment, will be rejected, see #688123
 CVE-2012-4752 (appconfig.php in ownCloud before 4.0.6 does not properly restrict acce ...)
 	- owncloud 4.0.7debian-1
 	[wheezy] - owncloud 4.0.4debian2-2
-	NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
+	NOTE: https://www.openwall.com/lists/oss-security/2012/09/05/17
 CVE-2012-4751 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
 	- otrs2 3.1.7+dfsg1-6
 	[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
@@ -5555,7 +5555,7 @@ CVE-2012-4437 (Cross-site scripting (XSS) vulnerability in the SmartyException c
 	- smarty <removed> (bug #702710)
 	[squeeze] - smarty 2.6.26-0.2+squeeze1
 	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/09/19/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/09/19/1
 	NOTE: http://secunia.com/advisories/50589/
 	NOTE: http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt
 	NOTE: http://code.google.com/p/smarty-php/source/detail?r=4658
@@ -5613,7 +5613,7 @@ CVE-2012-4426 (Multiple format string vulnerabilities in mcrypt 2.6.8 and earlie
 	[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)
 CVE-2012-4425 (libgio, when used in setuid or other privileged programs in spice-gtk  ...)
 	- spice-gtk 0.12-5 (bug #689155)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/18
+	NOTE: https://www.openwall.com/lists/oss-security/2012/09/13/18
 CVE-2012-4424 (Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library ...)
 	{DLA-165-1}
 	- eglibc <removed>
@@ -5623,7 +5623,7 @@ CVE-2012-4423 (The virNetServerProgramDispatchCall function in libvirt before 0.
 	- libvirt 0.9.12-5 (bug #687598)
 	[squeeze] - libvirt <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=857133
-	NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/11
+	NOTE: https://www.openwall.com/lists/oss-security/2012/09/13/11
 CVE-2012-4422 (wp-admin/plugins.php in WordPress before 3.4.2, when the multisite fea ...)
 	- wordpress 3.4.2+dfsg-1
 CVE-2012-4421 (The create_post function in wp-includes/class-wp-atom-server.php in Wo ...)
@@ -5633,7 +5633,7 @@ CVE-2012-4420 (An information disclosure flaw was found in the way the Java Virt
 CVE-2012-4419 (The compare_tor_addr_to_addr_policy function in or/policies.c in Tor b ...)
 	{DSA-2548-1}
 	- tor 0.2.3.22-rc-1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/5
+	NOTE: https://www.openwall.com/lists/oss-security/2012/09/12/5
 	NOTE: https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
 	NOTE: https://gitweb.torproject.org/tor.git/commitdiff/973c18bf0e84d14d8006a9ae97fde7f7fb97e404
 	NOTE: https://gitweb.torproject.org/tor.git/commitdiff/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5
@@ -5656,7 +5656,7 @@ CVE-2012-4414 (Multiple SQL injection vulnerabilities in the replication code in
 	- mysql-5.5 5.5.30+dfsg-1 (bug #687485)
 CVE-2012-4413 (OpenStack Keystone 2012.1.3 does not invalidate existing tokens when g ...)
 	- keystone 2012.1.1-6 (bug #687428)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/7
+	NOTE: https://www.openwall.com/lists/oss-security/2012/09/12/7
 CVE-2012-4412 (Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc ...)
 	{DLA-165-1}
 	- eglibc <removed>
@@ -5750,32 +5750,32 @@ CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not proper
 	- mediawiki 1:1.19.2-1 (bug #686330)
 	[squeeze] - mediawiki <end-of-life>
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823
-	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+	NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
 CVE-2012-4381 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in t ...)
 	- mediawiki 1:1.19.2-1 (bug #686330)
 	[squeeze] - mediawiki <end-of-life>
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39184
-	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+	NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
 CVE-2012-4380 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attack ...)
 	- mediawiki 1:1.19.2-1 (bug #686330)
 	[squeeze] - mediawiki <end-of-life>
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39824
-	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+	NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
 CVE-2012-4379 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a rest ...)
 	- mediawiki 1:1.19.2-1 (bug #686330)
 	[squeeze] - mediawiki <end-of-life>
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39180
-	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+	NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
 CVE-2012-4378 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki befor ...)
 	- mediawiki 1:1.19.2-1 (bug #686330)
 	[squeeze] - mediawiki <end-of-life>
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=37587
-	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+	NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
 CVE-2012-4377 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 an ...)
 	- mediawiki 1:1.19.2-1 (bug #686330)
 	[squeeze] - mediawiki <not-affected> (Introduced in 1.16)
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39700
-	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+	NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
 CVE-2012-4376
 	RESERVED
 CVE-2012-4375
@@ -6628,14 +6628,14 @@ CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.
 	- wireshark 1.8.2-1
 	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2012-12.html
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/2
 CVE-2012-4048 (The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9 ...)
 	{DSA-2590-1}
 	- wireshark 1.8.2-1 (bug #680056)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2012-11.html
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/2
 CVE-2012-4033 (Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin be ...)
 	NOT-FOR-US: Zingiri not in Debian
 CVE-2012-4032 (Open redirect vulnerability in the login page in WebsitePanel before 1 ...)
@@ -6704,12 +6704,12 @@ CVE-2012-4003 (Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJE
 	- glpi 0.83.31-1 (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
 	NOTE: https://forge.indepnet.net/projects/glpi/versions/771
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/13/1
 CVE-2012-4002 (Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI b ...)
 	- glpi 0.83.31-1 (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
 	NOTE: https://forge.indepnet.net/projects/glpi/versions/771
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/13/1
 CVE-2012-4001 (The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server d ...)
 	NOT-FOR-US: mod_pagespeed
 CVE-2012-4000 (Cross-site scripting (XSS) vulnerability in the print_textinputs_var f ...)
@@ -7847,7 +7847,7 @@ CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other privilege
 	- glib2.0 2.33.12+really2.32.4-2
 	[squeeze] - glib2.0 <not-affected> (Vulnerable code not present)
 	NOTE: fixed in 2.34.0-1 from experimental
-	NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/6
+	NOTE: https://www.openwall.com/lists/oss-security/2012/09/12/6
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=697105
 	NOTE: http://stealth.openwall.net/null/dzug.c
 CVE-2012-3523 (The STARTTLS implementation in nnrpd in INN before 2.5.3 does not prop ...)
@@ -7985,7 +7985,7 @@ CVE-2012-3482 (Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in
 CVE-2012-3481 (Integer overflow in the ReadImage function in plug-ins/common/file-gif ...)
 	- gimp 2.8.2-1 (bug #685397)
 	[squeeze] - gimp 2.6.10-1+squeeze4
-	NOTE: http://www.openwall.com/lists/oss-security/2012/08/20/8
+	NOTE: https://www.openwall.com/lists/oss-security/2012/08/20/8
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=776572
 CVE-2012-3480 (Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, ...)
 	{DLA-165-1}
@@ -7995,8 +7995,8 @@ CVE-2012-3479 (lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically e
 	{DSA-2603-1}
 	- emacs23 23.4+1-4 (bug #684695)
 	- emacs24 24.2+1-1 (bug #684694)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/08/13/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/08/13/2
 CVE-2012-3478 (rssh 2.3.3 and earlier allows local users to bypass intended restricte ...)
 	{DSA-2530-1}
 	- rssh 2.3.3-5
@@ -8039,7 +8039,7 @@ CVE-2012-3464 (Cross-site scripting (XSS) vulnerability in activesupport/lib/act
 CVE-2012-3463 (Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...)
 	- rails <not-affected> (Only affects RoR 3.x)
 	- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/08/09/8
+	NOTE: https://www.openwall.com/lists/oss-security/2012/08/09/8
 CVE-2012-3462 (A flaw was found in SSSD version 1.9.0. The SSSD's access-provider log ...)
 	- sssd 1.10.0-1
 	NOTE: https://pagure.io/SSSD/sssd/issue/1470
@@ -8078,8 +8078,8 @@ CVE-2012-3450 (pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5
 	- php5 5.4.4-1 (bug #683694)
 	NOTE: http://seclists.org/bugtraq/2012/Jun/60
 	NOTE: https://bugs.php.net/bug.php?id=61755
-	NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/3
-	NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/7
+	NOTE: https://www.openwall.com/lists/oss-security/2012/08/02/3
+	NOTE: https://www.openwall.com/lists/oss-security/2012/08/02/7
 CVE-2012-3449 (Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/op ...)
 	- openvswitch 1.4.2+git20120612-8 (bug #683665)
 CVE-2012-3448 (Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote at ...)
@@ -8098,20 +8098,20 @@ CVE-2012-3444 (The get_image_dimensions function in the image-handling functiona
 	{DSA-2529-1}
 	- python-django 1.4.1-1 (bug #683364)
 	NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/2
 CVE-2012-3443 (The django.forms.ImageField class in the form system in Django before  ...)
 	{DSA-2529-1}
 	- python-django 1.4.1-1 (bug #683364)
 	NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/2
 CVE-2012-3442 (The (1) django.http.HttpResponseRedirect and (2) django.http.HttpRespo ...)
 	{DSA-2529-1}
 	- python-django 1.4.1-1 (bug #683364)
 	NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/2
 CVE-2012-3441 (The database creation script (module/idoutils/db/scripts/create_mysqld ...)
 	- icinga <not-affected> (Debian uses dbconfig, which does the right thing, bug #683320)
 CVE-2012-3440 (A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (R ...)
@@ -8146,7 +8146,7 @@ CVE-2012-3430 (The rds_recvmsg function in net/rds/recv.c in the Linux kernel be
 	- linux 3.2.29-1
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 2.6.32-36
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/26/3
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/26/3
 CVE-2012-3429 (The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb ...)
 	NOT-FOR-US: Dynamic LDAP backend plugin for BIND
 CVE-2012-3428 (The IronJacamar container before 1.0.12.Final for JBoss Application Se ...)
@@ -8190,7 +8190,7 @@ CVE-2012-3414 (Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFU
 	NOTE: https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
 CVE-2012-3413 (The HTMLQuoteColorer::process function in messageviewer/htmlquotecolor ...)
 	- kdepim <not-affected> (Only affects kdepim >= 4.6)
-	NOTE: CVE-request http://www.openwall.com/lists/oss-security/2012/07/13/3
+	NOTE: CVE-request https://www.openwall.com/lists/oss-security/2012/07/13/3
 	NOTE: https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1022690
 CVE-2012-3412 (The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before  ...)
@@ -8216,16 +8216,16 @@ CVE-2012-3408 (lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Pupp
 	NOTE: Fixed in 2.7.18 by updated docs
 CVE-2012-3407 (plow has local buffer overflow vulnerability ...)
 	NOT-FOR-US: plow
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/6
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/16
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/6
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/16
 CVE-2012-3406 (The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka ...)
 	{DSA-3169-1 DLA-165-1}
 	- eglibc <removed>
 	- glibc 2.19-14 (low; bug #681888)
 	NOTE: Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5985c6ea868db23380977a35a2167549f9a3653b
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=826943
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/5
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/17
 CVE-2012-3405 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ...)
 	{DLA-165-1}
 	- glibc 2.13-35 (low; bug #681473)
@@ -8234,8 +8234,8 @@ CVE-2012-3405 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C
 	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a4647e727a2a52e1259474c13f4b13288938bed4
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833704
 	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1d498daa95384e5c9ad5bcb35e7a996e5869ac39
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/5
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/17
 CVE-2012-3404 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ...)
 	- glibc 2.13-35 (low; bug #681473)
 	- eglibc 2.13-35 (low; bug #681473)
@@ -8243,8 +8243,8 @@ CVE-2012-3404 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C
 	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12445
 	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=84a4211850e3d23a9d3a4f3b294752a3b30bc0ff
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833703
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/5
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/17
 CVE-2012-3403 (Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP ...)
 	- gimp 2.8.2-1 (bug #685397)
 	[squeeze] - gimp 2.6.10-1+squeeze4
@@ -8309,16 +8309,16 @@ CVE-2012-3386 (The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.
 	[squeeze] - automake1.9 1.9.6+nogfdl-3.1+squeeze1
 CVE-2012-3385 (WordPress before 3.4.1 does not properly restrict access to post conte ...)
 	- wordpress 3.4.1+dfsg-1 (bug #680721)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/02/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/08/1
 CVE-2012-3384 (Cross-site request forgery (CSRF) vulnerability in the customizer in W ...)
 	- wordpress 3.4.1+dfsg-1 (bug #680721)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/02/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/08/1
 CVE-2012-3383 (The map_meta_cap function in wp-includes/capabilities.php in WordPress ...)
 	- wordpress 3.4.1+dfsg-1 (bug #680721)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/02/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/08/1
 CVE-2012-3382 (Cross-site scripting (XSS) vulnerability in the ProcessRequest functio ...)
 	{DSA-2512-1}
 	- mono 2.10.8.1-5 (bug #681095)
@@ -8328,8 +8328,8 @@ CVE-2012-3381 (sfcb in sblim-sfcb places a zero-length directory name in the LD_
 	NOT-FOR-US: sblim-sfcb
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=770234
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=838160
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/7
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/8
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/06/7
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/06/8
 CVE-2012-3380 (Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Nax ...)
 	- nginx 1.2.1-2
 	[squeeze] - nginx <not-affected> (naxsi package was introduced in 1.1.18-1)
@@ -8362,7 +8362,7 @@ CVE-2012-3372 (** DISPUTED ** The default configuration of Cyberoam UTM applianc
 	NOTE: http://seclists.org/bugtraq/2012/Jul/20
 CVE-2012-3371 (The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Ess ...)
 	- nova 2012.1.1-5 (bug #681301)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/13
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/13
 	NOTE: https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d
 	NOTE: https://github.com/openstack/nova/commit/25f5bd31805bd21d7b7e3583c775252aa8f737e9
 	NOTE: https://bugs.launchpad.net/nova/+bug/1017795
@@ -8405,7 +8405,7 @@ CVE-2012-3359 (Luci in Red Hat Conga stores the user's username and password in
 CVE-2012-3358 (Multiple heap-based buffer overflows in the j2k_read_sot function in j ...)
 	{DSA-2629-1}
 	- openjpeg 1.3+dfsg-4.4 (bug #681075)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/1
 	NOTE: Upstream patch: http://code.google.com/p/openjpeg/source/detail?r=1727
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835767
 CVE-2012-3357 (The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1. ...)
@@ -8428,7 +8428,7 @@ CVE-2012-3355 ((1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) Lyric
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835076
 CVE-2012-3354 (doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain P ...)
 	- dokuwiki 0.0.20130510a-1 (unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/06/24/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/06/24/2
 CVE-2012-3353 (The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling J ...)
 	NOT-FOR-US: Apache Sling
 CVE-2012-3553 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open ...)
@@ -8450,7 +8450,7 @@ CVE-2012-3346
 	RESERVED
 CVE-2012-3345 (ioquake3 before r2253 allows local users to overwrite arbitrary files  ...)
 	- ioquake3 1.36+svn2224-4
-	NOTE: http://www.openwall.com/lists/oss-security/2012/06/15/3
+	NOTE: https://www.openwall.com/lists/oss-security/2012/06/15/3
 CVE-2012-3344
 	RESERVED
 CVE-2012-3343 (Cross-site request forgery (CSRF) vulnerability in Microdasys before 3 ...)
@@ -9816,7 +9816,7 @@ CVE-2012-2764 (Untrusted search path vulnerability in Google Chrome before 20.0.
 CVE-2012-2763 (Buffer overflow in the readstr_upto function in plug-ins/script-fu/tin ...)
 	- gimp 2.8.0-1 (unimportant)
 	NOTE: Only exploitable in rare/theoretical setups
-	NOTE: http://www.openwall.com/lists/oss-security/2012/05/31/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/05/31/1
 	NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html
 	NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfubof.c
 CVE-2012-2762 (SQL injection vulnerability in include/functions_trackbacks.inc.php in ...)
@@ -9846,8 +9846,8 @@ CVE-2012-2751 (ModSecurity before 2.6.6, when used with PHP, does not properly h
 	{DSA-2506-1}
 	- modsecurity-apache 2.6.6-1 (bug #678527)
 	- libapache-mod-security <removed> (bug #678529)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/06/22/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/06/22/2
 CVE-2012-2750 (Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown imp ...)
 	{DSA-2780-1}
 	- mysql-5.5 5.5.23-1
@@ -9875,11 +9875,11 @@ CVE-2012-2744 (net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel befor
 CVE-2012-2743 (Revelation 0.4.13-2 and earlier does not iterate through SHA hashing a ...)
 	- revelation 0.4.11-10 (low; bug #633088)
 	[squeeze] - revelation <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/06/18/1
 CVE-2012-2742 (Revelation 0.4.13-2 and earlier uses only the first 32 characters of a ...)
 	- revelation 0.4.11-10 (bug #633088)
 	[squeeze] - revelation <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/06/18/1
 CVE-2012-2741 (Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ i ...)
 	- phplist <itp> (bug #612288)
 CVE-2012-2740 (SQL injection vulnerability in public_html/lists/admin in phpList befo ...)
@@ -9890,15 +9890,15 @@ CVE-2012-2739 (Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build
 	NOTE: Upstream disputes this and states it needs to be fixed in Java apps itself
 	NOTE: http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
 	NOTE: http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
-	NOTE: http://www.openwall.com/lists/oss-security/2012/06/15/12
-	NOTE: http://www.openwall.com/lists/oss-security/2012/06/17/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/06/15/12
+	NOTE: https://www.openwall.com/lists/oss-security/2012/06/17/1
 CVE-2012-2738 (The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote au ...)
 	- vte 1:0.28.2-5 (bug #677717)
 	- vte3 1:0.32.2-1
 	[squeeze] - vte 1:0.24.3-4
 CVE-2012-2737 (The user_change_icon_file_authorized_cb function in /usr/libexec/accou ...)
 	- accountsservice 0.6.21-6 (bug #679429)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/06/28/9
+	NOTE: https://www.openwall.com/lists/oss-security/2012/06/28/9
 	NOTE: http://cgit.freedesktop.org/accountsservice/commit/?id=69b526a6cd4c078732068de2ba393cf9242a404b
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=832532
 CVE-2012-2736 (In NetworkManager 0.9.2.0, when a new wireless network was created wit ...)
@@ -10007,8 +10007,8 @@ CVE-2012-2690 (virt-edit in libguestfs before 1.18.0 does not preserve the permi
 	NOTE: Upstream patch https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html
 	NOTE: https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=788642
-	NOTE: http://www.openwall.com/lists/oss-security/2012/06/11/1
-	NOTE: http://www.openwall.com/lists/oss-security/2012/06/11/5
+	NOTE: https://www.openwall.com/lists/oss-security/2012/06/11/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/06/11/5
 CVE-2012-2689
 	RESERVED
 CVE-2012-2688 (Unspecified vulnerability in the _php_stream_scandir function in the s ...)
@@ -10798,7 +10798,7 @@ CVE-2012-2353 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote au
 CVE-2012-2352 (The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in ...)
 	{DSA-2477-1}
 	- sympa 6.1.11~dfsg-1 (bug #672893; high)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/05/12/8
+	NOTE: https://www.openwall.com/lists/oss-security/2012/05/12/8
 CVE-2012-2351 (The default configuration of the auth/saml plugin in Mahara before 1.4 ...)
 	{DSA-2467-1}
 	- mahara 1.4.2-1
@@ -10822,23 +10822,23 @@ CVE-2012-2343
 CVE-2012-2342
 	REJECTED
 CVE-2012-2341 (Cross-site request forgery (CSRF) vulnerability in the Take Control mo ...)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
-	NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/6
+	NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/2
 	NOT-FOR-US: Drupal Take Control
 CVE-2012-2340 (The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not sp ...)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
-	NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/6
+	NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/2
 	NOT-FOR-US: Drupal Contact Forms
 CVE-2012-2339 (Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1. ...)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
-	NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
+	NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/6
+	NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/2
 	NOT-FOR-US: Drupal Glossary
 CVE-2012-2338 (SQL injection vulnerability in includes/picture.class.php in Galette 0 ...)
 	NOT-FOR-US: Galette
 	NOTE: http://redmine.ulysses.fr/issues/250
 	NOTE: http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba
-	NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/5
-	NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/1
+	NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/5
+	NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/1
 CVE-2012-2337 (sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does no ...)
 	{DSA-2478-1}
 	- sudo 1.8.3p2-1.1 (bug #673766)
@@ -10882,15 +10882,15 @@ CVE-2012-2328 (internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Ins
 CVE-2012-2327 (MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obt ...)
 	NOT-FOR-US: MyBB (aka MyBulletinBoard)
 	NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
-	NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
+	NOTE: https://www.openwall.com/lists/oss-security/2012/05/07/14
 CVE-2012-2326 (Cross-site scripting (XSS) vulnerability in the Admin Control Panel (A ...)
 	NOT-FOR-US: MyBB (aka MyBulletinBoard)
 	NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
-	NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
+	NOTE: https://www.openwall.com/lists/oss-security/2012/05/07/14
 CVE-2012-2325 (SQL injection vulnerability in the User Inline Moderation feature in t ...)
 	NOT-FOR-US: MyBB (aka MyBulletinBoard)
 	NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
-	NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
+	NOTE: https://www.openwall.com/lists/oss-security/2012/05/07/14
 CVE-2012-2324 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) b ...)
 	NOT-FOR-US: MyBB
 CVE-2012-2323
@@ -11289,7 +11289,7 @@ CVE-2012-2153 (Drupal 7.x before 7.14 does not properly restrict access to nodes
 CVE-2012-2152 (Stack-based buffer overflow in the get_packet method in socket.c in dh ...)
 	{DSA-2498-1}
 	- dhcpcd 1:3.2.3-11 (bug #671265)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/05/02/4
+	NOTE: https://www.openwall.com/lists/oss-security/2012/05/02/4
 CVE-2012-2151 (Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x befo ...)
 	{DSA-2461-1}
 	- spip 2.1.13-1 (low; bug #671264)
@@ -13544,11 +13544,11 @@ CVE-2012-1185 (Multiple integer overflows in (1) magick/profile.c or (2) magick/
 CVE-2012-1184 (Stack-based buffer overflow in the ast_parse_digest function in main/u ...)
 	- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
 	[squeeze] - asterisk <not-affected> (HTTP digest authentication code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
+	NOTE: https://www.openwall.com/lists/oss-security/2012/03/16/10
 CVE-2012-1183 (Stack-based buffer overflow in the milliwatt_generate function in the  ...)
 	{DSA-2460-1}
 	- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
+	NOTE: https://www.openwall.com/lists/oss-security/2012/03/16/10
 CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14 ...)
 	{DSA-2450-1}
 	- samba 2:3.6.4-1 (bug #668309)
@@ -13570,14 +13570,14 @@ CVE-2012-1178 (The msn_oim_report_to_user function in oim.c in the MSN protocol
 CVE-2012-1177 (libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL  ...)
 	{DSA-2482-1}
 	- libgdata 0.10.2-1 (bug #664032)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/3
+	NOTE: https://www.openwall.com/lists/oss-security/2012/03/14/3
 CVE-2012-1176 (Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi b ...)
 	- pyfribidi 0.11.0-1 (bug #663189)
 	[squeeze] - pyfribidi <no-dsa> (Minor issue)
 CVE-2012-1175 (Integer overflow in the GnashImage::size method in libbase/GnashImage. ...)
 	{DSA-2435-1}
 	- gnash 0.8.10-5 (bug #664023)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/5
+	NOTE: https://www.openwall.com/lists/oss-security/2012/03/14/5
 CVE-2012-1174 (The rm_rf_children function in util.c in the systemd-logind login mana ...)
 	- systemd 44-1 (bug #664364)
 CVE-2012-1173 (Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow r ...)
@@ -13605,12 +13605,12 @@ CVE-2012-1166 (The default keybindings for wwm in LTSP Display Manager (ldm) 2.2
 CVE-2012-1165 (The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL befor ...)
 	{DSA-2454-1}
 	- openssl 1.0.0h-1 (low; bug #663642)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/3
+	NOTE: https://www.openwall.com/lists/oss-security/2012/03/12/3
 CVE-2012-1164 (slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a den ...)
 	{DLA-203-1}
 	- openldap 2.4.31-1 (low; bug #663644)
 	[squeeze] - openldap <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/4
+	NOTE: https://www.openwall.com/lists/oss-security/2012/03/12/4
 CVE-2012-1163 (Integer overflow in the _zip_readcdir function in zip_open.c in libzip ...)
 	- libzip 0.10.1-1 (bug #664990)
 	[squeeze] - libzip <not-affected> (Only affects 0.10.x)
@@ -14149,7 +14149,7 @@ CVE-2012-0947 (Heap-based buffer overflow in the vqa_decode_chunk function in th
 	- libav 6:0.8.2-1
 	- ffmpeg 7:2.4.1-1
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963
-	NOTE: http://www.openwall.com/lists/oss-security/2012/05/03/4
+	NOTE: https://www.openwall.com/lists/oss-security/2012/05/03/4
 CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access arbi ...)
 	- nvidia-graphics-drivers 295.40-1
 	[squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1
@@ -14283,7 +14283,7 @@ CVE-2012-0908 (Cross-site scripting (XSS) vulnerability in logout.php in SimpleS
 CVE-2012-0884 (The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 i ...)
 	{DSA-2454-1}
 	- openssl 1.0.0h-1 (low)
-	NOTE: "If a Linux distribution picks up the fix for CVE-2012-0884 then they will want to pick up change 22161 at the same time" -- http://www.openwall.com/lists/oss-security/2012/03/23/12
+	NOTE: "If a Linux distribution picks up the fix for CVE-2012-0884 then they will want to pick up change 22161 at the same time" -- https://www.openwall.com/lists/oss-security/2012/03/23/12
 CVE-2012-0883 (envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 place ...)
 	- apache2 <not-affected> (LD_LIBRARY_PATH not set in debian package)
 CVE-2012-0882 (Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other v ...)
diff --git a/data/CVE/list.2013 b/data/CVE/list.2013
index d9de6da437..ba6019364e 100644
--- a/data/CVE/list.2013
+++ b/data/CVE/list.2013
@@ -87,7 +87,7 @@ CVE-2013-7459 (Heap-based buffer overflow in the ALGnew function in block_templa
 CVE-2013-7458 (linenoise, as used in Redis before 3.2.3, uses world-readable permissi ...)
 	{DSA-3634-1 DLA-577-1}
 	- redis 2:3.2.1-4 (bug #832460)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/1
 CVE-2013-7457 (Unspecified vulnerability in the Qualcomm components in Android before ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2013-7456 (gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1 ...)
@@ -100,7 +100,7 @@ CVE-2013-7456 (gd_interpolation.c in the GD Graphics Library (aka libgd) before
 	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
 	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72227
 	NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/3
 CVE-2013-7455 (Double free vulnerability in the DefaultICCintents function in cmscnvr ...)
 	- lcms2 2.6-1
 	[wheezy] - lcms2 <not-affected> (vulnerable code not present, no cmsPipelineFree(Lut); in Error:-part)
@@ -120,7 +120,7 @@ CVE-2013-7448 (Directory traversal vulnerability in wiki.c in didiwiki allows re
 	{DSA-3485-1 DLA-424-1}
 	- didiwiki 0.5-12 (bug #815111)
 	NOTE: https://github.com/OpenedHand/didiwiki/pull/1/files
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/19/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/19/4
 CVE-2013-7447 (Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gd ...)
 	{DLA-419-1}
 	- gtk+2.0 2.24.30-1.1 (bug #799275)
@@ -136,7 +136,7 @@ CVE-2013-7446 (Use-after-free vulnerability in net/unix/af_unix.c in the Linux k
 	- linux-2.6 <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1273845
 	NOTE: https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8
-	NOTE: http://www.openwall.com/lists/oss-security/2015/11/18/9
+	NOTE: https://www.openwall.com/lists/oss-security/2015/11/18/9
 	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec0d215f9420564fc8286dcf93d2d068bb53a07e (v2.6.26-rc9)
 	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c (v4.4-rc4)
 CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux kernel throu ...)
@@ -161,7 +161,7 @@ CVE-2013-7443 (Buffer overflow in the skip-scan optimization in SQLite 3.8.2 all
 	NOTE: Fixed by: https://www.sqlite.org/src/info/ac5852d6403c9c96
 	NOTE: Introduced by: https://www.sqlite.org/src/info/b0bb975c0986fe01
 	NOTE: https://www.sqlite.org/src/info/520070ec7fbaac
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/14/5
 CVE-2013-7442 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...)
 	NOT-FOR-US: GE Healthcare Centricity PACS Workstation
 CVE-2013-7440 (The ssl.match_hostname function in CPython (aka Python) before 2.7.9 a ...)
@@ -186,7 +186,7 @@ CVE-2013-7439 (Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLe
 	- libx11 2:1.6.0-1
 	NOTE: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=39547d600a13713e15429f49768e54c3173c828d
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=56508
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/08/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/08/4
 	NOTE: The following packages will be recompiled after the release of
 	NOTE: the DSA for wheezy and the DLA for squeeze:
 	NOTE: libxrender (1:0.9.7-1+deb7u2 / 0.9.6-1+squeeze1+build1)
@@ -209,7 +209,7 @@ CVE-2013-7441 (The modern style negotiation in Network Block Device (nbd-server)
 	{DSA-3271-1}
 	- nbd 1:3.4-1 (bug #781547)
 	[squeeze] - nbd <not-affected> (Named export introduced in 2.9.17)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/19/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/19/6
 CVE-2013-7435 (The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2. ...)
 	NOT-FOR-US: Evergreen library
 CVE-2013-7434
@@ -232,12 +232,12 @@ CVE-2013-7436 (noVNC before 0.5 does not set the secure flag for a cookie in an
 	- novnc 1:0.4+dfsg+1+20131010+gitf68af8af3d-4 (bug #778618)
 	[wheezy] - novnc <not-affected> (Only an issue in combination with later OpenStack components)
 	NOTE: https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/17/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/17/1
 CVE-2013-7425
 	RESERVED
 CVE-2013-XXXX [TOCTOU race when expanding JAR files]
 	- libbluray 0.7.0-1 (unimportant)
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/06/9
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/02/06/9
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=959433
 	NOTE: libbluray is only in wheezy and later and the issue is neutered by the kernel hardening for /tmp
 	NOTE: Affected code removed in 0.7.0-1
@@ -246,7 +246,7 @@ CVE-2013-7437 (Multiple integer overflows in potrace 1.11 allow remote attackers
 	- potrace 1.12-1 (bug #778646)
 	[squeeze] - potrace <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=955808
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/12
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/12
 CVE-2013-7449 (The ssl_do_connect function in common/server.c in HexChat before 2.10. ...)
 	- xchat 2.8.8-10 (bug #776609)
 	[jessie] - xchat <no-dsa> (Minor issue)
@@ -276,7 +276,7 @@ CVE-2013-7423 (The send_dg function in resolv/res_send.c in GNU C Library (aka g
 	- eglibc <removed>
 	NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f9d2d03254a58d92635a311a42253eeed5a40a47
 	NOTE: Upstream report: https://sourceware.org/bugzilla/show_bug.cgi?id=15946
-	NOTE: http://www.openwall.com/lists/oss-security/2015/01/28/16
+	NOTE: https://www.openwall.com/lists/oss-security/2015/01/28/16
 CVE-2013-7421 (The Crypto API in the Linux kernel before 3.18.5 allows local users to ...)
 	{DSA-3170-1}
 	- linux 3.16.7-ckt4-2
@@ -290,7 +290,7 @@ CVE-2013-7422 (Integer underflow in regcomp.c in Perl before 5.20, as used in Ap
 	[wheezy] - perl <no-dsa> (Minor issue)
 	[squeeze] - perl <no-dsa> (Minor issue)
 	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=119505
-	NOTE: http://www.openwall.com/lists/oss-security/2015/01/23/9
+	NOTE: https://www.openwall.com/lists/oss-security/2015/01/23/9
 CVE-2013-XXXX [lhasa: several directory traversal vulnerabilities]
 	- lhasa 0.2.0-1
 	[wheezy] - lhasa <no-dsa> (Minor issue)
@@ -577,7 +577,7 @@ CVE-2013-7338 (Python before 3.3.4 RC1 allows remote attackers to cause a denial
 CVE-2013-XXXX [libclamunrar: double-free error libclamunrar_iface/unrar_iface.c]
 	- libclamunrar 0.97.7+dfsg-1 (bug #770647)
 	[wheezy] - libclamunrar <no-dsa> (Non-free not supported, also minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
+	NOTE: https://www.openwall.com/lists/oss-security/2013/11/29/6
 CVE-2013-XXXX [staden-io-lib buffer overflow]
 	- staden-io-lib 1.13.3-2 (low; bug #729276)
 	[squeeze] - staden-io-lib <no-dsa> (Minor issue)
@@ -1194,7 +1194,7 @@ CVE-2013-7108 (Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earli
 	[squeeze] - nagios3 <no-dsa> (Minor issue)
 	[wheezy] - nagios3 <no-dsa> (Minor issue)
 	NOTE: https://dev.icinga.org/issues/5251
-	NOTE: separate CVE requested for nagios, http://www.openwall.com/lists/oss-security/2013/12/23/4
+	NOTE: separate CVE requested for nagios, https://www.openwall.com/lists/oss-security/2013/12/23/4
 	NOTE: Fixed by https://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
 CVE-2013-7107 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1 ...)
 	{DSA-2956-1}
@@ -1356,7 +1356,7 @@ CVE-2013-7060 (Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allow
 	NOT-FOR-US: Plone
 CVE-2013-7049 (Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as ...)
 	NOTE: vulnerable code not found in Debian
-	NOTE: http://www.openwall.com/lists/oss-security/2013/12/11/14
+	NOTE: https://www.openwall.com/lists/oss-security/2013/12/11/14
 	NOT-FOR-US: FiSH Plugin for ZNC IRC Bouncer
 CVE-2013-7048 (OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlie ...)
 	- nova 2013.2.2 (bug #732022)
@@ -7467,7 +7467,7 @@ CVE-2013-4550 (Bip before 0.8.9, when running as a daemon, writes SSL handshake
 	[squeeze] - bip <no-dsa> (Minor issue)
 	NOTE: Upstream commit: https://projects.duckcorp.org/projects/bip/repository/revisions/df45c4c2d6f892e3e1dec23ce0ed2575b53a7d8c
 	NOTE: https://projects.duckcorp.org/issues/261
-	NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: http://www.openwall.com/lists/oss-security/2014/01/02/9
+	NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: https://www.openwall.com/lists/oss-security/2014/01/02/9
 CVE-2013-4549 (QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers t ...)
 	- qtbase-opensource-src 5.1.1+dfsg-6
 	- qt4-x11 4:4.8.5+git192-g085f851+dfsg-1 (low; bug #750141)
@@ -7688,7 +7688,7 @@ CVE-2013-4509 (The default configuration of IBUS 1.5.4, and possibly 1.5.2 and e
 	- ibus-chewing 1.4.3-4 (low; bug #730781)
 	[wheezy] - ibus-chewing <not-affected> (Only in combination with Ibus 1.5.4, which is not in stable)
 	[squeeze] - ibus-chewing <not-affected> (Only in combination with Ibus 1.5.4, which is not in oldstable)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/11/04/2
+	NOTE: https://www.openwall.com/lists/oss-security/2013/11/04/2
 	NOTE: This is rather a bug in the various IBus engines not in ibus itself, asked maintainers to investigate affected engines,
 	NOTE: can be assigned to affected engines once more info is available
 	NOTE: Introduced in 1.5, so stable/oldstable not affected
@@ -8244,7 +8244,7 @@ CVE-2013-4350 (The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kern
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 	- linux 3.11.5-1
 	[wheezy] - linux 3.2.53-1
-	NOTE: http://www.openwall.com/lists/oss-security/2013/09/13/2
+	NOTE: https://www.openwall.com/lists/oss-security/2013/09/13/2
 	NOTE: http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=95ee62083cb6453e056562d91f597552021e6ae7
 CVE-2013-4349
 	REJECTED
@@ -8255,12 +8255,12 @@ CVE-2013-4348 (The skb_flow_dissect function in net/core/flow_dissector.c in the
 CVE-2013-4347 (The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier func ...)
 	- python-oauth2 <removed> (low; bug #722657)
 	[wheezy] - python-oauth2 <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5
+	NOTE: https://www.openwall.com/lists/oss-security/2013/09/12/5
 	NOTE: https://github.com/simplegeo/python-oauth2/issues/9
 CVE-2013-4346 (The Server.verify_request function in SimpleGeo python-oauth2 does not ...)
 	- python-oauth2 <removed> (low; bug #722656)
 	[wheezy] - python-oauth2 <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5
+	NOTE: https://www.openwall.com/lists/oss-security/2013/09/12/5
 	NOTE: https://github.com/simplegeo/python-oauth2/issues/129
 CVE-2013-4345 (Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c ...)
 	{DSA-2906-1}
@@ -8360,7 +8360,7 @@ CVE-2013-4319 (pbs_mom in Terascale Open-Source Resource and Queue Manager (aka
 	NOTE: http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html
 CVE-2013-4318 (File injection vulnerability in Ruby gem Features 0.3.0 allows remote  ...)
 	NOT-FOR-US: Ruby gem Features
-	NOTE: http://www.openwall.com/lists/oss-security/2013/09/09/9
+	NOTE: https://www.openwall.com/lists/oss-security/2013/09/09/9
 CVE-2013-4317 (In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API  ...)
 	NOT-FOR-US: CloudStack
 CVE-2013-4316 (Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation ...)
@@ -13634,7 +13634,7 @@ CVE-2013-2221 (Heap-based buffer overflow in the ZRtp::storeMsgTemp function in
 CVE-2013-2220 (Buffer overflow in the radius_get_vendor_attr function in the Radius e ...)
 	{DSA-2726-1}
 	- php-radius 1.2.5-2.4 (bug #714362)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/06/28/2
+	NOTE: https://www.openwall.com/lists/oss-security/2013/06/28/2
 CVE-2013-2219 (The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server ...)
 	- 389-ds-base 1.3.2.9-1 (bug #718325)
 CVE-2013-2218 (Double free vulnerability in the virConnectListAllInterfaces method in ...)
@@ -13757,7 +13757,7 @@ CVE-2013-2186 (The DiskFileItem class in Apache Commons FileUpload, as used in R
 CVE-2013-2185 (** DISPUTED ** The readObject method in the DiskFileItem class in Apac ...)
 	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=974813
-	NOTE: http://www.openwall.com/lists/oss-security/2013/09/05/4
+	NOTE: https://www.openwall.com/lists/oss-security/2013/09/05/4
 CVE-2013-2184 (Movable Type before 5.2.6 does not properly use the Storable::thaw fun ...)
 	{DSA-3183-1}
 	- movabletype-opensource 5.2.7+dfsg-1 (bug #712602)
@@ -13780,7 +13780,7 @@ CVE-2013-2179 (X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when perfo
 	- xdm <not-affected> (Not affected when PAM is used)
 	[squeeze] - xdm <not-affected> (same as above and glibc too old)
 	[wheezy] - xdm <not-affected> (same as above and glibc too old)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/06/11/5
+	NOTE: https://www.openwall.com/lists/oss-security/2013/06/11/5
 CVE-2013-2178 (The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and ap ...)
 	{DSA-2708-1}
 	- fail2ban 0.8.10-1
@@ -13942,7 +13942,7 @@ CVE-2013-2127 (Buffer overflow in the exposure correction code in LibRaw before
 	- libraw <not-affected> (Only affects 0.15, 0.15 was only in experimental)
 	- libkdcraw <not-affected> (embeds libraw 0.14)
 	- darktable <not-affected> (embeds libraw 0.14)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/05/28/3
+	NOTE: https://www.openwall.com/lists/oss-security/2013/05/28/3
 	NOTE: https://github.com/LibRaw/LibRaw/commit/2f912f5b33582961b1cdbd9fd828589f8b78f21d
 CVE-2013-2126 (Multiple double free vulnerabilities in the LibRaw::unpack function in ...)
 	- libraw 0.15.3-1 (low; bug #710353)
@@ -13954,11 +13954,11 @@ CVE-2013-2126 (Multiple double free vulnerabilities in the LibRaw::unpack functi
 	NOTE: Not suitable for code injection, no security impact for an enduser application like Darktable
 	- kdegraphics <removed>
 	[squeeze] - kdegraphics <not-affected> (embedded version of kdcraw+libraw too old)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/05/28/3
+	NOTE: https://www.openwall.com/lists/oss-security/2013/05/28/3
 	NOTE: https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6
 CVE-2013-2125 (OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which al ...)
 	- opensmtpd 5.3.3p1-1
-	NOTE: http://www.openwall.com/lists/oss-security/2013/05/18/8
+	NOTE: https://www.openwall.com/lists/oss-security/2013/05/18/8
 CVE-2013-2124 (Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before  ...)
 	- libguestfs 1:1.20.8-1 (bug #710290)
 	[wheezy] - libguestfs <not-affected> (Vulnerable code not present)
@@ -14156,7 +14156,7 @@ CVE-2013-2070 (http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8
 	[squeeze] - nginx <not-affected> (Vulnerable code not present)
 CVE-2013-2069 (Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18. ...)
 	NOT-FOR-US: Red Hat livecd-tools
-	NOTE: http://www.openwall.com/lists/oss-security/2013/05/23/2
+	NOTE: https://www.openwall.com/lists/oss-security/2013/05/23/2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=964299
 CVE-2013-2068 (Multiple directory traversal vulnerabilities in the AgentController in ...)
 	NOT-FOR-US: RedHat CloudForms Management Engine
@@ -14197,7 +14197,7 @@ CVE-2013-2058 (The host_start function in drivers/usb/chipidea/host.c in the Lin
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 	- linux 3.8-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/05/03/2
+	NOTE: https://www.openwall.com/lists/oss-security/2013/05/03/2
 CVE-2013-2057 (YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Includ ...)
 	NOT-FOR-US: YaBB
 CVE-2013-2056 (The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Sate ...)
@@ -14274,7 +14274,7 @@ CVE-2013-2030 (keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizz
 	NOTE: http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html
 CVE-2013-2029 (nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others ...)
 	- nagios3 <not-affected> (Affected file nagios.upgrade_to_v3.sh not in Debian)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/04/30/8
+	NOTE: https://www.openwall.com/lists/oss-security/2013/04/30/8
 CVE-2013-2028 (The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx  ...)
 	- nginx <not-affected> (Vulnerable code not present)
 CVE-2013-2027 (Jython 2.2.1 uses the current umask to set the privileges of the class ...)
@@ -14300,12 +14300,12 @@ CVE-2013-2024 (OS command injection vulnerability in the "qs" procedure from the
 CVE-2013-2023 (Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in ...)
 	- jquery-jplayer 2.1.0-2
 	NOTE: used for jPlayer 2.2.23 XSS
-	NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
+	NOTE: https://www.openwall.com/lists/oss-security/2013/05/05/3
 CVE-2013-2022 (Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jp ...)
 	- jquery-jplayer 2.1.0-2
 	NOTE: https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373
 	NOTE: used for jPlayer 2.2.20 XSS
-	NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
+	NOTE: https://www.openwall.com/lists/oss-security/2013/05/05/3
 CVE-2013-2021 (pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause ...)
 	- clamav 0.97.8+dfsg-1
 	[squeeze] - clamav 0.97.8+dfsg-1~squeeze1
@@ -14458,7 +14458,7 @@ CVE-2013-1978 (Heap-based buffer overflow in the read_xwd_cols function in file-
 	- gimp 2.8.10-0.1 (bug #731305)
 CVE-2013-1977 (OpenStack devstack uses world-readable permissions for keystone.conf,  ...)
 	- keystone <not-affected> (permissions to /etc/keystone/keystone.conf restricted in postinst)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/04/19/2
+	NOTE: https://www.openwall.com/lists/oss-security/2013/04/19/2
 CVE-2013-1976 (The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in ...)
 	- tomcat6 <not-affected> (RedHat-specific issue)
 	- tomcat7 <not-affected> (RedHat-specific issue)
@@ -14549,7 +14549,7 @@ CVE-2013-1950 (The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows
 	- libtirpc <not-affected> (regression code not present)
 	NOTE: Regression introduced with 82cc2e6129c872c8be09381055f2fb5641c5e6fe
 	NOTE: Regression fixed with a9f437119d79a438cb12e510f3cadd4060102c9f
-	NOTE: http://www.openwall.com/lists/oss-security/2013/04/22/9
+	NOTE: https://www.openwall.com/lists/oss-security/2013/04/22/9
 CVE-2013-1949 (Social Media Widget (social-media-widget) plugin 4.0 for WordPress con ...)
 	NOT-FOR-US: Wordpress Social Media Widget
 CVE-2013-1948 (converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent ...)
@@ -14602,13 +14602,13 @@ CVE-2013-1933 (The extract_from_ocr function in lib/docsplit/text_extractor.rb i
 	NOT-FOR-US: Karteek Docsplit Ruby Gem
 CVE-2013-1932 (A cross-site scripting (XSS) vulnerability in the configuration report ...)
 	- mantis <not-affected> (affects Mantis 1.2.13 only)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
+	NOTE: https://www.openwall.com/lists/oss-security/2013/04/04/8
 CVE-2013-1931 (A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows r ...)
 	- mantis <not-affected> (affects Mantis 1.2.14 only)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
+	NOTE: https://www.openwall.com/lists/oss-security/2013/04/04/8
 CVE-2013-1930 (MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the wor ...)
 	- mantis <not-affected> (affects only Mantis 1.2.12 and later)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
+	NOTE: https://www.openwall.com/lists/oss-security/2013/04/04/8
 CVE-2013-1929 (Heap-based buffer overflow in the tg3_read_vpd function in drivers/net ...)
 	{DSA-2669-1 DSA-2668-1}
 	- linux 3.8.11-1
@@ -14731,7 +14731,7 @@ CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly val
 	- mongodb 1:2.4.1-1 (bug #704042)
 	[wheezy] - mongodb 1:2.0.6-1.1
 	[squeeze] - mongodb <no-dsa> (Minor isue, Spidermonkey in Lenny is EOLed)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/03/25/7
+	NOTE: https://www.openwall.com/lists/oss-security/2013/03/25/7
 CVE-2013-1891
 	RESERVED
 CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...)
@@ -14760,7 +14760,7 @@ CVE-2013-1884 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 th
 	NOTE: http://subversion.apache.org/security/CVE-2013-1884-advisory.txt
 CVE-2013-1883 (Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote a ...)
 	- mantis <not-affected> (only affects 1.2.12 to 1.2.14)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/03/21/3
+	NOTE: https://www.openwall.com/lists/oss-security/2013/03/21/3
 CVE-2013-1882
 	RESERVED
 CVE-2013-1881 (GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary f ...)
@@ -14785,7 +14785,7 @@ CVE-2013-1874 (Untrusted search path vulnerability in csi in Chicken before 4.8.
 	- chicken 4.8.0.3-1 (low; bug #702410)
 	[squeeze] - chicken <no-dsa> (Minor issue)
 	[wheezy] - chicken <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/03/19/11
+	NOTE: https://www.openwall.com/lists/oss-security/2013/03/19/11
 CVE-2013-1873 [linux kernel kernel stack memory disclosure]
 	REJECTED
 CVE-2013-1872 (The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent atta ...)
@@ -14812,7 +14812,7 @@ CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform revo
 	- keystone <not-affected> (only affects folsom)
 	NOTE: fixed in experimental with keystone/2012.2.3-2
 CVE-2013-1864 (The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga ...)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/03/15/6
+	NOTE: https://www.openwall.com/lists/oss-security/2013/03/15/6
 	- ekiga 4.0.1-1 (low; bug #704133)
 	[wheezy] - ekiga <no-dsa> (Minor issue)
 	[squeeze] - ekiga <no-dsa> (Minor issue)
@@ -14875,11 +14875,11 @@ CVE-2013-1852 (SQL injection vulnerability in leaguemanager.php in the LeagueMan
 CVE-2013-1851 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud befo ...)
 	- owncloud 4.0.8debian-1.6 (bug #703094)
 	NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-010/
-	NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
+	NOTE: https://www.openwall.com/lists/oss-security/2013/03/14/8
 CVE-2013-1850 (Multiple incomplete blacklist vulnerabilities in (1) import.php and (2 ...)
 	- owncloud 4.0.8debian-1.6 (bug #703094)
 	NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-009/
-	NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
+	NOTE: https://www.openwall.com/lists/oss-security/2013/03/14/8
 CVE-2013-1849 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through ...)
 	{DLA-207-1}
 	- subversion 1.7.9-1 (bug #704940)
@@ -14890,7 +14890,7 @@ CVE-2013-1848 (fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect a
 	- linux 3.2.41-1
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/8
+	NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/8
 CVE-2013-1847 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through ...)
 	{DLA-207-1}
 	- subversion 1.7.9-1 (bug #704940)
@@ -14982,7 +14982,7 @@ CVE-2013-1823 (Cross-site scripting (XSS) vulnerability in the Notifications for
 CVE-2013-1822 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x  ...)
 	- owncloud <not-affected> (owncloud stable4 (4.0.x) is not affected)
 	NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-008/
-	NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
+	NOTE: https://www.openwall.com/lists/oss-security/2013/03/14/8
 CVE-2013-1821 (lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows ...)
 	{DSA-2809-1 DSA-2738-1}
 	- ruby1.9.1 1.9.3.194-8.1 (bug #702525)
@@ -15055,17 +15055,17 @@ CVE-2013-1798 (The ioapic_read_indirect function in virt/kvm/ioapic.c in the Lin
 	{DSA-2668-1}
 	- linux 3.2.41-2
 	- linux-2.6 <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
+	NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/9
 CVE-2013-1797 (Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel ...)
 	- linux 3.2.41-2
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport, KVM server not supported in squeeze-lts)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
+	NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/9
 CVE-2013-1796 (The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux ker ...)
 	{DSA-2669-1 DSA-2668-1}
 	- linux 3.2.41-2
 	- linux-2.6 <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
+	NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/9
 CVE-2013-1795 (Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote att ...)
 	{DSA-2638-1}
 	- openafs 1.6.1-3
@@ -15132,7 +15132,7 @@ CVE-2013-1772 (The log_prefix function in kernel/printk.c in the Linux kernel 3.
 CVE-2013-1771 (The web server Monkeyd produces a world-readable log (/var/log/monkeyd ...)
 	- monkey <removed> (low)
 	[squeeze] - monkey <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/02/24/5
+	NOTE: https://www.openwall.com/lists/oss-security/2013/02/24/5
 CVE-2013-1770 (Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia  ...)
 	- ganglia 3.6.0-1 (low; bug #700158)
 	[squeeze] - ganglia <no-dsa> (Minor issue)
@@ -18264,7 +18264,7 @@ CVE-2013-0723 (Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spr
 CVE-2013-0722 (Stack-based buffer overflow in the scan_load_hosts function in ec_scan ...)
 	- ettercap 1:0.7.5.1-2 (low; bug #697987)
 	[squeeze] - ettercap 1:0.7.3-2.1+squeeze1
-	NOTE: http://www.openwall.com/lists/oss-security/2013/01/10/2
+	NOTE: https://www.openwall.com/lists/oss-security/2013/01/10/2
 	NOTE: http://www.exploit-db.com/exploits/23945/
 	NOTE: https://secunia.com/advisories/51731/
 	NOTE: Proposed patch http://www.securation.com/files/2013/01/ec.patch
@@ -18905,7 +18905,7 @@ CVE-2013-0423 (Unspecified vulnerability in the Java Runtime Environment (JRE) c
 CVE-2013-0422 (Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remot ...)
 	- openjdk-6 <not-affected> (Only affects Java 7)
 	- openjdk-7 7u3-2.1.4-1
-	NOTE: Exploitable on Linux http://www.openwall.com/lists/oss-security/2013/01/11/1
+	NOTE: Exploitable on Linux https://www.openwall.com/lists/oss-security/2013/01/11/1
 CVE-2013-0421
 	REJECTED
 CVE-2013-0420 (Unspecified vulnerability in the VirtualBox component in Oracle Virtua ...)
@@ -19258,7 +19258,7 @@ CVE-2013-0288 (nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows contex
 	- nss-pam-ldapd 0.8.10-3 (bug #690319)
 CVE-2013-0287 (The Simple Access Provider in System Security Services Daemon (SSSD) 1 ...)
 	- sssd <not-affected> (Introduced in 1.9.0)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/12
+	NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/12
 CVE-2013-0286 (Pinboard 1.0.6 theme for Wordpress has XSS. ...)
 	NOT-FOR-US: Wordpress theme
 CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before  ...)
@@ -19387,7 +19387,7 @@ CVE-2013-0251 (Stack-based buffer overflow in llogincircuit.cc in latd 1.25 thro
 CVE-2013-0250 (The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 befor ...)
 	- corosync <not-affected> (Introduced in v1.99.8-2-ge925f42; bug #699615)
 	NOTE: https://github.com/corosync/corosync/commit/4378915a33ab7fbbb5874f79dd7cd71b014ef44e#L0R407
-	NOTE: http://www.openwall.com/lists/oss-security/2013/02/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2013/02/01/1
 CVE-2013-0249 (Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message ...)
 	- curl 7.29.0-1 (bug #700002)
 	[squeeze] - curl <not-affected> (Only affects 7.26.0 to 7.28.1)
@@ -19433,15 +19433,15 @@ CVE-2013-0238 (The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid be
 CVE-2013-0237 (Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode p ...)
 	- wordpress 3.5.1+dfsg-1 (bug #698929)
 	NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
-	NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7
+	NOTE: https://www.openwall.com/lists/oss-security/2013/01/25/7
 CVE-2013-0236 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ...)
 	- wordpress 3.5.1+dfsg-1 (bug #698927)
 	NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
-	NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7
+	NOTE: https://www.openwall.com/lists/oss-security/2013/01/25/7
 CVE-2013-0235 (The XMLRPC API in WordPress before 3.5.1 allows remote attackers to se ...)
 	- wordpress 3.5.1+dfsg-1 (bug #698916)
 	NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
-	NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7
+	NOTE: https://www.openwall.com/lists/oss-security/2013/01/25/7
 CVE-2013-0234 (Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg ...)
 	- elgg <itp> (bug #526197)
 CVE-2013-0233 (Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, ...)
@@ -19475,13 +19475,13 @@ CVE-2013-0224 (The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using th
 	NOT-FOR-US: Drupal addon
 CVE-2013-0223 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-depende ...)
 	- coreutils <not-affected> (Affected patch not added to Debian package)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14
+	NOTE: https://www.openwall.com/lists/oss-security/2013/01/21/14
 CVE-2013-0222 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-depende ...)
 	- coreutils <not-affected> (Affected patch not added to Debian package)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14
+	NOTE: https://www.openwall.com/lists/oss-security/2013/01/21/14
 CVE-2013-0221 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-depende ...)
 	- coreutils <not-affected> (Affected patch not added to Debian package)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14
+	NOTE: https://www.openwall.com/lists/oss-security/2013/01/21/14
 CVE-2013-0220 (The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomnt ...)
 	- sssd 1.8.4-2 (low; bug #698871)
 	[squeeze] - sssd <not-affected> (autofs and ssh responders not yet present)
@@ -19550,7 +19550,7 @@ CVE-2013-0198 (Dnsmasq before 2.66test2, when used with certain libvirt configur
 	- dnsmasq 2.66-1 (low)
 	[wheezy] - dnsmasq <no-dsa> (Minor issue)
 	[squeeze] - dnsmasq <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/01/18/2
+	NOTE: https://www.openwall.com/lists/oss-security/2013/01/18/2
 CVE-2013-0197 (Cross-site scripting (XSS) vulnerability in the filter_draw_selection_ ...)
 	- mantis <not-affected> (This only affects the 1.2.12 version, which isn't present in Debian, bug #698481)
 	NOTE: http://www.mantisbt.org/bugs/view.php?id=15373
@@ -19683,7 +19683,7 @@ CVE-2013-0163 (OpenShift haproxy cartridge: predictable /tmp in set-proxy connec
 	NOT-FOR-US: OpenShift haproxy cartridge
 CVE-2013-0162 (The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser  ...)
 	- ruby-parser 2.3.1-2 (bug #701637)
-	NOTE: http://www.openwall.com/lists/oss-security/2013/02/22/5
+	NOTE: https://www.openwall.com/lists/oss-security/2013/02/22/5
 CVE-2013-0161 (Havalite CMS 1.1.7 has a stored XSS vulnerability ...)
 	NOT-FOR-US: Havalite CMS
 CVE-2013-0160 (The Linux kernel through 3.7.9 allows local users to obtain sensitive  ...)
@@ -19707,7 +19707,7 @@ CVE-2013-0156 (active_support/core_ext/hash/conversions.rb in Ruby on Rails befo
 	- ruby-activesupport-3.2 3.2.6-5 (bug #697790)
 	NOTE: Starting with 2.3.14.1 rails is a transition package
 	NOTE: http://www.insinuator.net/2013/01/rails-yaml/
-	NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/14
+	NOTE: https://www.openwall.com/lists/oss-security/2013/01/08/14
 	NOTE: experimental has 3.2.8-1 and should be affected too
 CVE-2013-0155 (Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x befo ...)
 	{DSA-2609-1}
@@ -19716,7 +19716,7 @@ CVE-2013-0155 (Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x
 	- ruby-actionpack-3.2 3.2.6-5 (bug #697802)
 	- rails 2.3.14.1
 	NOTE: Starting with 2.3.14.1 rails is a transition package
-	NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/13
+	NOTE: https://www.openwall.com/lists/oss-security/2013/01/08/13
 CVE-2013-0154 (The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debug ...)
 	- xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental)
 CVE-2013-0153 (The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, wh ...)
diff --git a/data/CVE/list.2014 b/data/CVE/list.2014
index c608091064..9119efc646 100644
--- a/data/CVE/list.2014
+++ b/data/CVE/list.2014
@@ -1325,7 +1325,7 @@ CVE-2014-9913 (Buffer overflow in the list_files function in list.c in Info-Zip
 	NOTE: Same reproducer as in https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750
 	NOTE: can be used to verify a fix (which trigger the issue in unzip -l but crash
 	NOTE: in different areas of the unzip codebase)
-	NOTE: http://www.openwall.com/lists/oss-security/2014/11/03/5
+	NOTE: https://www.openwall.com/lists/oss-security/2014/11/03/5
 CVE-2014-9912 (The get_icu_disp_value_src_php function in ext/intl/locale/locale_meth ...)
 	- php5 5.6.0+dfsg-1
 	[wheezy] - php5 5.4.34-0+deb7u1
@@ -1352,7 +1352,7 @@ CVE-2014-9907 (coders/dds.c in ImageMagick allows remote attackers to cause a de
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/21eae25a8db5fdcd112dbcfcd9e5c37e32d32e2f
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d7325bac173492b358417a0ad49fabad44447d52
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/504ada82b6fa38a30c846c1c29116af7290decb2
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2014-9906 (Use-after-free vulnerability in DBD::mysql before 4.029 allows attacke ...)
 	{DSA-3635-1 DLA-576-1}
 	- libdbd-mysql-perl 4.033-1
@@ -1703,7 +1703,7 @@ CVE-2014-9773 (modules/chanserv/flags.c in Atheme before 7.2.7 allows remote att
 	NOTE: https://github.com/atheme/atheme/issues/397
 	NOTE: Fixed by: https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b
 	NOTE: Introduced in: https://github.com/atheme/atheme/commit/5c734f28068cf47b9b450af4dcf37195734b15be
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/02/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/02/2
 CVE-2014-9772 (The validator package before 2.0.0 for Node.js allows remote attackers ...)
 	- validator.js <not-affected> (Fixed before initial release)
 CVE-2014-9771 (Integer overflow in imlib2 before 1.4.7 allows remote attackers to cau ...)
@@ -1711,7 +1711,7 @@ CVE-2014-9771 (Integer overflow in imlib2 before 1.4.7 allows remote attackers t
 	- imlib2 1.4.7-1 (bug #820206)
 	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=143f299
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324774
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/09/3
 CVE-2014-9770 (tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions fo ...)
 	- systemd 215-1
 	[wheezy] - systemd <not-affected> (Vulnerable code not present)
@@ -1724,7 +1724,7 @@ CVE-2014-9769 (pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps
 	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
 	NOTE: Upstream fix: http://vcs.pcre.org/pcre?view=revision&revision=1475 (8.36)
 	NOTE: Introduced in: http://vcs.pcre.org/pcre?view=revision&revision=1434 (8.35)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/26/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/26/1
 CVE-2014-9768 (** DISPUTED ** IBM Tivoli NetView Access Services (NVAS) allows remote ...)
 	NOT-FOR-US: Tivoli
 CVE-2014-9767 (Directory traversal vulnerability in the ZipArchive::extractTo functio ...)
@@ -1744,7 +1744,7 @@ CVE-2014-9765 (Buffer overflow in the main_get_appheader function in xdelta3-mai
 	{DSA-3484-1 DLA-417-1}
 	- xdelta3 3.0.8-dfsg-1.1 (bug #814067)
 	NOTE: https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/08/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/08/1
 CVE-2014-9764 (imlib2 before 1.4.7 allows remote attackers to cause a denial of servi ...)
 	{DSA-3537-1 DLA-401-1}
 	- imlib2 1.4.7-1
@@ -1778,7 +1778,7 @@ CVE-2014-9759 (Incomplete blacklist vulnerability in the config_is_private funct
 	NOTE: http://github.com/mantisbt/mantisbt/commit/7927c275
 	NOTE: https://sourceforge.net/p/mantisbt/mailman/message/32948048/
 	NOTE: https://mantisbt.org/bugs/view.php?id=20277
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/02/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/02/1
 CVE-2014-9758 (Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platfor ...)
 	NOT-FOR-US: Magento
 CVE-2014-9757 (The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before ...)
@@ -1823,7 +1823,7 @@ CVE-2014-9745 (The parse_encoding function in type1/t1load.c in FreeType before
 	NOTE: http://www.ubuntu.com/usn/usn-2739-1/
 	NOTE: https://savannah.nongnu.org/bugs/?41590
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75 (VER-2-5-3)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/11/4
 CVE-2014-9746 (The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse ...)
 	{DSA-3370-1 DLA-319-1}
 	- freetype 2.6-1 (bug #798619)
@@ -1831,7 +1831,7 @@ CVE-2014-9746 (The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_
 	NOTE: http://www.ubuntu.com/usn/usn-2739-1/
 	NOTE: https://savannah.nongnu.org/bugs/?41309
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 (VER-2-5-3)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/11/4
 CVE-2014-9747 (The t42_parse_encoding function in type42/t42parse.c in FreeType befor ...)
 	{DSA-3370-1 DLA-319-1}
 	- freetype 2.6-1 (bug #798619)
@@ -1839,7 +1839,7 @@ CVE-2014-9747 (The t42_parse_encoding function in type42/t42parse.c in FreeType
 	NOTE: http://www.ubuntu.com/usn/usn-2739-1/
 	NOTE: https://savannah.nongnu.org/bugs/?41309
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 (VER-2-5-3)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/11/4
 CVE-2014-9744 (Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause  ...)
 	- polarssl 1.3.9-1
 	[wheezy] - polarssl <not-affected> (Affects only 1.3.x series)
@@ -1858,7 +1858,7 @@ CVE-2014-9939 (ihex.c in GNU Binutils before 2.26 contains a stack buffer overfl
 	- binutils 2.25.90.20151125-1
 	[jessie] - binutils <ignored> (Minor issue)
 	- gdb 7.10-1 (unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/31/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/31/6
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18750
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b
 CVE-2014-8878 (KDE KMail does not encrypt attachments in emails when "automatic encry ...)
@@ -1867,7 +1867,7 @@ CVE-2014-8878 (KDE KMail does not encrypt attachments in emails when "automatic
 	[wheezy] - kdepim <no-dsa> (Minor issue)
 	[squeeze] - kdepim <not-affected> (Bogus condition not present)
 	NOTE: https://bugs.kde.org/show_bug.cgi?id=340312
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/15/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/15/5
 CVE-2014-9741 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for ...)
 	NOT-FOR-US: ArcGIS
 CVE-2014-9740 (Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x- ...)
@@ -1894,21 +1894,21 @@ CVE-2014-9731 (The UDF filesystem implementation in the Linux kernel before 3.18
 	[wheezy] - linux 3.2.68-1
 	- linux-2.6 <removed>
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14 (v3.19-rc3)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/03/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/03/4
 CVE-2014-9730 (The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel be ...)
 	{DLA-246-1}
 	- linux 3.16.7-ckt4-1
 	[wheezy] - linux 3.2.68-1
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9 (v3.19-rc3)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/02/7
 CVE-2014-9729 (The udf_read_inode function in fs/udf/inode.c in the Linux kernel befo ...)
 	{DLA-246-1}
 	- linux 3.16.7-ckt4-1
 	[wheezy] - linux 3.2.68-1
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 (v3.19-rc3)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/02/7
 CVE-2014-9728 (The UDF filesystem implementation in the Linux kernel before 3.18.2 do ...)
 	{DLA-246-1}
 	- linux 3.16.7-ckt4-1
@@ -1917,7 +1917,7 @@ CVE-2014-9728 (The UDF filesystem implementation in the Linux kernel before 3.18
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 (v3.19-rc3)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9 (v3.19-rc3)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1d47b262952a45aae62bd49cfaf33dd76c11a2c (v3.19-rc3)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/02/7
 CVE-2014-9726
 	RESERVED
 CVE-2014-9725
@@ -1941,7 +1941,7 @@ CVE-2014-9721 (libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attacker
 	- zeromq3 4.0.5+dfsg-3 (bug #784366)
 	NOTE: https://github.com/zeromq/libzmq/issues/1273
 	NOTE: https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/8
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/8
 CVE-2014-9717 (fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH u ...)
 	- linux 4.0.2-1 (low)
 	[jessie] - linux <ignored> (Too intrusive to backport)
@@ -1949,7 +1949,7 @@ CVE-2014-9717 (fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DET
 	- linux-2.6 <not-affected> (user namespaces known broken before 3.5, see kernel-sec info)
 	NOTE: https://groups.google.com/forum/#!topic/linux.kernel/HnegnbXk0Vs
 	NOTE: Proposed fixes: http://www.spinics.net/lists/linux-containers/msg30786.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/17/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/17/4
 	NOTE: CVE assignement for issue in http://marc.info/?l=linux-kernel&m=141271552117745&w=2
 CVE-2014-9716 (Cross-site scripting (XSS) vulnerability in WebODF before 0.5.4 allows ...)
 	- owncloud <not-affected> (embedded partial copy doesn't contain the related code)
@@ -1963,7 +1963,7 @@ CVE-2014-9715 (include/net/netfilter/nf_conntrack_extend.h in the netfilter subs
 	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=223b02d923ecd7c84cf9780bb3686f455d279279 (v3.15-rc1)
 	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5b423f6a40a0327f9d40bc8b97ce9be266f74368 (v3.6-rc5)
 	NOTE: Introduced in 3.2.x in https://git.kernel.org/cgit/linux/kernel/git/bwh/linux-3.2.y.git/commit/?id=cc1b75d796ad050c83c95733c4220aaa04fa1304 (v3.2.33)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/08/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/08/1
 CVE-2014-9714 (Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveA ...)
 	- hhvm 3.11.0+dfsg-1
 	NOTE: https://github.com/facebook/hhvm/commit/324701c9fd31beb4f070f1b7ef78b115fbdfec34
@@ -1984,7 +1984,7 @@ CVE-2014-9710 (The Btrfs implementation in the Linux kernel before 3.19 does not
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <no-dsa> (btrfs in 2.6.32 is just a tech preview and not usable for production)
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 (v3.19-rc1)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/11
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/24/11
 CVE-2014-9718 (The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in  ...)
 	{DSA-3259-1}
 	- qemu 1:2.3+dfsg-1 (unimportant; bug #781250)
@@ -1992,7 +1992,7 @@ CVE-2014-9718 (The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionalit
 	- qemu-kvm <removed> (unimportant)
 	[wheezy] - qemu-kvm <postponed> (Can be fixed along in later update)
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8 (v2.2.0-rc2)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/24/4
 	NOTE: Per maintainer not a security issue:
 	NOTE: Qemu either leaks memory or loops infinitely. Memory leakage can be easily
 	NOTE: mitigated using some kind of resource limits in security-sensitive environments,
@@ -2004,7 +2004,7 @@ CVE-2014-9706 (The build_index_from_tree function in index.py in Dulwich before
 	[jessie] - dulwich 0.9.7-3
 	[squeeze] - dulwich <not-affected> (Repo.checkout (later renamed to build_index_from_tree) introduced past 0.6.1)
 	NOTE: Patch: https://git.samba.org/?p=jelmer/dulwich.git;a=commitdiff;h=091638be3c89f46f42c3b1d57dc1504af5729176
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/21/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/21/1
 CVE-2014-9704
 	RESERVED
 CVE-2014-9703
@@ -2057,7 +2057,7 @@ CVE-2014-9705 (Heap-based buffer overflow in the enchant_broker_request_dict fun
 	- php5 5.6.6+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=68552
 	NOTE: http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/10/6
 CVE-2014-9689 (content/renderer/device_sensors/device_orientation_event_pump.cc in Go ...)
 	- chromium-browser 41.0.2272.76-1
 	[wheezy] - chromium-browser <end-of-life>
@@ -2100,10 +2100,10 @@ CVE-2014-9676 (The seg_write_packet function in libavformat/segment.c in ffmpeg
 	{DLA-464-1}
 	- ffmpeg <not-affected> (Vulnerable code not present in a ffmpeg version in the archive)
 	- libav 6:11.2-1
-	NOTE: Patch in http://www.openwall.com/lists/oss-security/2015/01/04/10 seem to apply for libav
+	NOTE: Patch in https://www.openwall.com/lists/oss-security/2015/01/04/10 seem to apply for libav
 	NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=169065fbfb3da1ab776379c333aebc54bb1f1bc4
 	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=b3f04657368a32a9903406395f865e230b1de348
-	NOTE: http://www.openwall.com/lists/oss-security/2015/01/04/10
+	NOTE: https://www.openwall.com/lists/oss-security/2015/01/04/10
 CVE-2014-9675 (bdf/bdflib.c in FreeType before 2.5.4 identifies property names by onl ...)
 	{DSA-3188-1 DLA-185-1}
 	- freetype 2.5.2-3 (bug #777656)
@@ -2222,19 +2222,19 @@ CVE-2014-9679 (Integer underflow in the cupsRasterReadPixels function in filter/
 	NOTE: Marked with [experimental] tag as the fix is only in experimental so far
 	NOTE: Switch this to regular fixed version once the fix is in unstable
 	NOTE: https://www.cups.org/strfiles.php/3438/str4551.patch
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/10/15
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/10/15
 CVE-2014-9681
 	REJECTED
 CVE-2014-9680 (sudo before 1.8.12 does not ensure that the TZ environment variable is ...)
 	{DSA-3167-1 DLA-160-1}
 	- sudo 1.8.12-1 (bug #772707)
 	[jessie] - sudo 1.8.10p3-1+deb8u2
-	NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24
+	NOTE: https://www.openwall.com/lists/oss-security/2014/10/15/24
 	NOTE: http://www.sudo.ws/repos/sudo/rev/650ac6938b59 (1.8.x)
 	NOTE: http://www.sudo.ws/repos/sudo/rev/ac1467f71ac0 (typos)
 	NOTE: http://www.sudo.ws/repos/sudo/rev/91859f613b88 (description)
 	NOTE: http://www.sudo.ws/repos/sudo/rev/579b02f0dbe0 (improved description)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/12
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/09/12
 CVE-2014-XXXX [RPATH set to untrusted directory]
 	[experimental] - noise <unfixed> (bug #759868)
 CVE-2014-9655 (The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeX ...)
@@ -2254,7 +2254,7 @@ CVE-2014-9653 (readelf.c in file before 5.22, as used in the Fileinfo component
 	- php5 <not-affected> (readelf.c not used and even removed in 5.4.36-0+deb7u3)
 	NOTE: http://bugs.gw.com/view.php?id=409
 	NOTE: http://mx.gw.com/pipermail/file/2014/001649.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/04/13
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/04/13
 CVE-2014-9983 (Directory Traversal exists in RAR 4.x and 5.x because an unpack operat ...)
 	- rar 2:5.3.b2-1 (bug #774172)
 	[jessie] - rar <no-dsa> (Non-free not supported)
@@ -2327,7 +2327,7 @@ CVE-2014-9649 (Cross-site scripting (XSS) vulnerability in the management plugin
 	[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
 	[squeeze] - rabbitmq-server <not-affected> (Management web UI not available in version 1.8.1)
 	NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
-	NOTE: http://www.openwall.com/lists/oss-security/2015/01/21/13
+	NOTE: https://www.openwall.com/lists/oss-security/2015/01/21/13
 CVE-2014-9650 (CRLF injection vulnerability in the management plugin in RabbitMQ 2.1. ...)
 	- rabbitmq-server 3.4.1-1
 	[jessie] - rabbitmq-server <no-dsa> (Minor issue)
@@ -2335,10 +2335,10 @@ CVE-2014-9650 (CRLF injection vulnerability in the management plugin in RabbitMQ
 	[squeeze] - rabbitmq-server <not-affected> (Management web UI not available in version 1.8.1)
 	NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
 	NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/b5a5fc31bd49ad821a655ea9e2fe920d670a62ad
-	NOTE: http://www.openwall.com/lists/oss-security/2015/01/21/13
+	NOTE: https://www.openwall.com/lists/oss-security/2015/01/21/13
 CVE-2014-9732 (The cabd_extract function in cabd.c in libmspack before 0.5 does not p ...)
 	- libmspack 0.5-1 (bug #774665)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/03/11
 CVE-2014-9637 (GNU patch 2.7.2 and earlier allows remote attackers to cause a denial  ...)
 	- patch 2.7.1-7
 	[wheezy] - patch <not-affected> (Vulnerability introduced later)
@@ -2349,7 +2349,7 @@ CVE-2014-XXXX [formail: memory corruption]
 	- procmail 3.22-24 (bug #769937)
 	[wheezy] - procmail <no-dsa> (Minor issue)
 	[squeeze] - procmail <no-dsa> (Minor issue)
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/21/9
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/01/21/9
 CVE-2014-9630 (The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c  ...)
 	{DSA-3150-1}
 	- vlc 2.2.0~rc2-2 (bug #775866)
@@ -2684,7 +2684,7 @@ CVE-2014-9651 (Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4
 	[jessie] - chicken <no-dsa> (Minor issue)
 	[wheezy] - chicken <no-dsa> (Minor issue)
 	[squeeze] - chicken <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/01/12/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/01/12/3
 	NOTE: Patch: http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/txt2UqAS9CtvH.txt
 CVE-2014-1155
 	REJECTED
@@ -2898,7 +2898,7 @@ CVE-2014-9490 (The numtok function in lib/raven/okjson.rb in the raven-ruby gem
 	NOT-FOR-US: raven ruby gem
 CVE-2014-9488 (The is_utf8_well_formed function in GNU less before 475 allows remote  ...)
 	- less 481-1 (unimportant; bug #780247)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/14
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/10/14
 	NOTE: https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
 CVE-2014-9484
 	RESERVED
@@ -3102,7 +3102,7 @@ CVE-2014-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in the
 	NOT-FOR-US: IP Ban (simple-ip-ban) plugin for WordPress
 CVE-2014-9482 (Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through ...)
 	- dwarfutils <not-affected> (Vulnerable code introduced later, see bug #774530)
-	NOTE: http://www.openwall.com/lists/oss-security/2014/12/31/3
+	NOTE: https://www.openwall.com/lists/oss-security/2014/12/31/3
 CVE-2014-9427 (sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x  ...)
 	{DSA-3117-1}
 	- php5 5.6.5+dfsg-1
@@ -4085,7 +4085,7 @@ CVE-2014-9129 (Cross-site request forgery (CSRF) vulnerability in the CreativeMi
 	NOT-FOR-US: WordPress plugin cm-download-manager
 CVE-2014-8123 (Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37  ...)
 	- antiword 0.37-5 (bug #771768)
-	NOTE: http://www.openwall.com/lists/oss-security/2014/12/01/4
+	NOTE: https://www.openwall.com/lists/oss-security/2014/12/01/4
 	NOTE: This actually was fixed long time ago in https://bugs.debian.org/407015
 CVE-2014-8104 (OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before ...)
 	{DSA-3084-1 DLA-98-1}
@@ -4163,7 +4163,7 @@ CVE-2014-9114 (Blkid in util-linux before 2.26rc-1 allows local users to execute
 	- util-linux 2.25.2-4 (bug #771274)
 	[squeeze] - util-linux <no-dsa> (Minor issue)
 	[wheezy] - util-linux <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2014/11/26/13
+	NOTE: https://www.openwall.com/lists/oss-security/2014/11/26/13
 	NOTE: https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc
 CVE-2014-9112 (Heap-based buffer overflow in the process_copy_in function in GNU Cpio ...)
 	{DSA-3111-1 DLA-111-1}
@@ -5581,19 +5581,19 @@ CVE-2014-8559 (The d_walk function in fs/dcache.c in the Linux kernel through 3.
 	{DSA-3170-1}
 	- linux 3.16.7-ckt4-1
 	- linux-2.6 <not-affected> (Introduced in 2.6.38)
-	NOTE: References in http://www.openwall.com/lists/oss-security/2014/10/30/7
+	NOTE: References in https://www.openwall.com/lists/oss-security/2014/10/30/7
 	NOTE: Upstream fix: https://git.kernel.org/linus/ca5358ef75fc69fee5322a38a340f5739d997c10 (v3.19-rc1)
 	NOTE: Upstream fix: https://git.kernel.org/linus/946e51f2bf37f1656916eb75bd0742ba33983c28 (v3.19-rc1)
 CVE-2014-8517 (The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in Net ...)
 	- tnftp 20130505-2 (low; bug #767171)
 	[wheezy] - tnftp <no-dsa> (Minor issue)
 	[squeeze] - tnftp <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2014/10/28/4
+	NOTE: https://www.openwall.com/lists/oss-security/2014/10/28/4
 CVE-2014-9915 (Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers ...)
 	- imagemagick 8:6.8.9.9-1 (bug #767240)
 	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
 	[squeeze] - imagemagick <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2014-8355 (PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers  ...)
 	{DLA-960-1 DLA-242-1}
 	- imagemagick 8:6.8.9.9-1 (bug #767240)
@@ -6717,7 +6717,7 @@ CVE-2014-8117 (softmagic.c in file before 5.21 does not properly limit recursion
 	- php5 5.6.4+dfsg-2
 	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
 	NOTE: https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c
-	NOTE: Other commits needed as well: http://www.openwall.com/lists/oss-security/2014/12/16/2
+	NOTE: Other commits needed as well: https://www.openwall.com/lists/oss-security/2014/12/16/2
 CVE-2014-8116 (The ELF parser (readelf.c) in file before 5.21 allows remote attackers ...)
 	{DSA-3121-1 DLA-131-1}
 	- file 1:5.21+15-1 (low; bug #773148)
@@ -6727,7 +6727,7 @@ CVE-2014-8116 (The ELF parser (readelf.c) in file before 5.21 allows remote atta
 	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
 	NOTE: https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b
 	NOTE: https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6
-	NOTE: Other commits needed as well: http://www.openwall.com/lists/oss-security/2014/12/16/2
+	NOTE: Other commits needed as well: https://www.openwall.com/lists/oss-security/2014/12/16/2
 CVE-2014-8115 (The default authorization constrains in KIE Workbench 6.0.x allows rem ...)
 	NOT-FOR-US: KIE Workbench
 CVE-2014-8114 (The UberFire Framework 0.3.x does not properly restrict paths, which a ...)
@@ -11236,7 +11236,7 @@ CVE-2014-6228 (Integer overflow in the string_chunk_split function in hphp/runti
 CVE-2014-3618 (Heap-based buffer overflow in formisc.c in formail in procmail 3.22 al ...)
 	{DSA-3019-1 DLA-46-1}
 	- procmail 3.22-22 (bug #760443)
-	NOTE: http://www.openwall.com/lists/oss-security/2014/09/03/8
+	NOTE: https://www.openwall.com/lists/oss-security/2014/09/03/8
 CVE-2014-6241 (SQL injection vulnerability in the wt_directory extension before 1.4.1 ...)
 	NOT-FOR-US: TYPO3 extension wt_directory
 CVE-2014-6240 (Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar ...)
@@ -13580,13 +13580,13 @@ CVE-2014-5207 (fs/namespace.c in the Linux kernel through 3.16.1 does not proper
 	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=9566d6742852c527bf5af38af5cbb878dad75705 (v3.17-rc1)
 	NOTE: and: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ffbc6f0ead47fa5a1dc9642b0331cb75c20a640e (v3.17-rc1)
 	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0c55cfc4166d9a0f38de779bd4d75a90afbe7734 (v3.8)
-	NOTE: Thread starting at http://www.openwall.com/lists/oss-security/2014/08/12/6
+	NOTE: Thread starting at https://www.openwall.com/lists/oss-security/2014/08/12/6
 CVE-2014-5206 (The do_remount function in fs/namespace.c in the Linux kernel through  ...)
 	- linux 3.16.2-1
 	[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
 	- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=db181ce011e3c033328608299cd6fac06ea50130
-	NOTE: Thread starting at http://www.openwall.com/lists/oss-security/2014/08/12/6
+	NOTE: Thread starting at https://www.openwall.com/lists/oss-security/2014/08/12/6
 CVE-2014-5247 (The _UpgradeBeforeConfigurationChange function in lib/client/gnt_clust ...)
 	- ganeti 2.11.5-1
 	[wheezy] - ganeti <not-affected> (Vulnerable code not present)
@@ -13981,7 +13981,7 @@ CVE-2014-5033 (KDE kdelibs before 4.14 and kauth before 5.1 does not properly us
 	NOTE: http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
 CVE-2014-5032 (GLPI before 0.84.7 does not properly restrict access to cost informati ...)
 	- glpi <removed> (unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2014/07/22/6
+	NOTE: https://www.openwall.com/lists/oss-security/2014/07/22/6
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2014-5031 (The web interface in CUPS before 2.0 does not check that files have wo ...)
 	{DSA-2990-1 DLA-0022-1}
@@ -14651,7 +14651,7 @@ CVE-2014-5119 (Off-by-one error in the __gconv_translit_find function in gconv_t
 	{DSA-3012-1 DLA-43-1}
 	- glibc 2.19-10 (medium)
 	- eglibc <removed> (medium)
-	NOTE: http://www.openwall.com/lists/oss-security/2014/07/14/2
+	NOTE: https://www.openwall.com/lists/oss-security/2014/07/14/2
 	NOTE: http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
 CVE-2014-4909 (Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bit ...)
 	{DSA-2988-1}
@@ -14881,7 +14881,7 @@ CVE-2014-4652 (Race condition in the tlv handler functionality in the snd_ctl_el
 CVE-2014-4678 (The safe_eval function in Ansible before 1.6.4 does not properly restr ...)
 	- ansible 1.6.6+dfsg-1
 	NOTE: https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916
-	NOTE: See http://www.openwall.com/lists/oss-security/2014/06/26/30
+	NOTE: See https://www.openwall.com/lists/oss-security/2014/06/26/30
 CVE-2014-4660 (Ansible before 1.5.5 constructs filenames containing user and password ...)
 	- ansible 1.5.5+dfsg-1
 	NOTE: https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
@@ -16606,7 +16606,7 @@ CVE-2014-3956 (The sm_close_on_exec function in conf.c in sendmail before 8.14.9
 	- sendmail 8.14.4-6 (low; bug #750562)
 	[wheezy] - sendmail 8.14.4-4+deb7u1
 	[squeeze] - sendmail <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2014/06/03/1
+	NOTE: https://www.openwall.com/lists/oss-security/2014/06/03/1
 CVE-2014-3940 (The Linux kernel through 3.14.5 does not properly consider the presenc ...)
 	- linux 3.14.7-1 (low)
 	[wheezy] - linux 3.2.60-1
@@ -19356,7 +19356,7 @@ CVE-2014-3985 (The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows
 	[wheezy] - miniupnpc <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1085618
 	NOTE: https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9
-	NOTE: http://www.openwall.com/lists/oss-security/2014/04/30/3
+	NOTE: https://www.openwall.com/lists/oss-security/2014/04/30/3
 CVE-2014-4338 (cups-browsed in cups-filters before 1.0.53 allows remote attackers to  ...)
 	- cups-filters 1.0.53-1
 	[wheezy] - cups-filters <not-affected> (vulnerable code not present)
@@ -20738,7 +20738,7 @@ CVE-2014-2440 (Unspecified vulnerability in the MySQL Client component in Oracle
 	- mariadb-10.0 <not-affected> (Fixed before initial upload)
 	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
 	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
-	NOTE: this is the same issue as CVE-2014-0001, see http://www.openwall.com/lists/oss-security/2014/09/11/23
+	NOTE: this is the same issue as CVE-2014-0001, see https://www.openwall.com/lists/oss-security/2014/09/11/23
 CVE-2014-2439 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) co ...)
 	NOT-FOR-US: Oracle Secure Global Desktop (SGD)
 CVE-2014-2438 (Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier an ...)
@@ -21993,7 +21993,7 @@ CVE-2014-1949 (GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-s
 	[wheezy] - gtk+3.0 <not-affected> (Only affects GTK+ 3.10.9 and later)
 	- gtk+2.0 <not-affected> (Only affects GTK+ 3.10.9 and later)
 	- cinnamon 2.2.14-1 (bug #738828)
-	NOTE: http://www.openwall.com/lists/oss-security/2014/02/12/7
+	NOTE: https://www.openwall.com/lists/oss-security/2014/02/12/7
 	NOTE: https://git.gnome.org/browse/gtk+/commit/?id=1691bb741d50c90ee938f0b73fe81b0ca9bfd6d4
 	NOTE: The CVE was originally assigned specifically for cinnamon-screensaver, but the underlying fix lies in gtk+3.0
 	NOTE: and later MITRE assigned the CVE to GTK+ 3.10.9 and later, see official MITRE CVE description.
@@ -23567,7 +23567,7 @@ CVE-2014-1642 (The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrou
 	- xen 4.4.0-1
 	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
 	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
-	NOTE: http://www.openwall.com/lists/oss-security/2014/01/23/2
+	NOTE: https://www.openwall.com/lists/oss-security/2014/01/23/2
 CVE-2014-1640 (axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe tem ...)
 	- axiom 20120501-17 (low; bug #736358)
 	[squeeze] - axiom <no-dsa> (Minor issue)
@@ -26807,7 +26807,7 @@ CVE-2014-0001 (Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB be
 CVE-2014-0158 (Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJ ...)
 	- openjpeg 1.3+dfsg-4.7
 	NOTE: Not considering a duplicate of CVE-2013-1447 following
-	NOTE: http://www.openwall.com/lists/oss-security/2014/04/02/2 . A query
+	NOTE: https://www.openwall.com/lists/oss-security/2014/04/02/2 . A query
 	NOTE: to MITRE though indicated that CVE-2014-0158 will not be REJECTED
 	NOTE: since people might have tracked CVE-2014-0158 of the much higher
 	NOTE: impact as due https://bugzilla.redhat.com/show_bug.cgi?id=1082925
diff --git a/data/CVE/list.2015 b/data/CVE/list.2015
index b724f87810..00a5e2c97f 100644
--- a/data/CVE/list.2015
+++ b/data/CVE/list.2015
@@ -1224,7 +1224,7 @@ CVE-2015-8979 (Stack-based buffer overflow in the parsePresentationContext funct
 	NOTE: 3.6.1~20160216-2 is the first version in unstable containing the fix
 	NOTE: http://zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php
 	NOTE: Fixed by: https://github.com/commontk/DCMTK/commit/1b6bb76
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/17/2
 CVE-2015-8978 (In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, ...)
 	{DLA-723-1}
 	- libsoap-lite-perl 1.19-1
@@ -1250,7 +1250,7 @@ CVE-2015-8971 (Terminology 0.7.0 allows remote attackers to execute arbitrary co
 	{DSA-3712-1}
 	- terminology 0.7.0-2 (bug #843434)
 	NOTE: https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/12
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/04/12
 CVE-2015-8969 (git-fastclone before 1.0.5 passes user modifiable strings directly to  ...)
 	NOT-FOR-US: git-fastclone
 CVE-2015-8968 (git-fastclone before 1.0.1 permits arbitrary shell command execution f ...)
@@ -1264,7 +1264,7 @@ CVE-2015-8970 (crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not
 	NOTE: Fixed by: https://git.kernel.org/linus/dd504589577d8e8e70f51f997ad487a4cb6c026f (v4.5-rc1)
 	NOTE: Followed by a complete set of related upstrema commits. See kernel-sec
 	NOTE: triage for details.
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/03/6
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/03/6
 CVE-2015-8967 (arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local us ...)
 	- linux 4.0.2-1 (unimportant)
 	NOTE: Fixed by: https://git.kernel.org/linus/c623b33b4e9599c6ac5076f7db7369eb9869aa04 (v4.0-rc1)
@@ -1340,7 +1340,7 @@ CVE-2015-8957 (Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/78f82d9d1c2944725a279acd573a22168dc6e22a
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bd96074b254c6607a0f7731e59f923ad19d5a46d
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/450bd716ed3b9186dd10f9e60f630a3d9eeea2a4
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2015-8958 (coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attacker ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832465)
@@ -1349,14 +1349,14 @@ CVE-2015-8958 (coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote att
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1aa0c6dab6dcef4d9bc3571866ae1c1ddbec7d8f
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6b4aff0f117b978502ee5bcd6e753c17aec5a961
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8ea44b48a182dd46d018f4b4f09a5e2ee9638105
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2015-8959 (coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attacker ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832944)
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26861
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3ab016764c7f787829d9065440d86f5609765110
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9b428b7af688fe319320aed15f2b94281d1e37b4
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2015-8949 (Use-after-free vulnerability in the my_login function in DBD::mysql be ...)
 	{DSA-3635-1 DLA-576-1}
 	- libdbd-mysql-perl 4.035-1
@@ -1379,7 +1379,7 @@ CVE-2015-8946 (ecryptfs-setup-swap in eCryptfs before 111 does not prevent the u
 	[wheezy] - ecryptfs-utils <no-dsa> (Only happens if using systemd v207 onward)
 	NOTE: https://launchpad.net/bugs/1447282
 	NOTE: Fixed by: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/857
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/2
 CVE-2015-8945 (openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores ...)
 	NOT-FOR-US: OpenShift
 CVE-2015-8944 (The ioresources_init function in kernel/resource.c in the Linux kernel ...)
@@ -1403,7 +1403,7 @@ CVE-2015-8936 (Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squ
 	- squidguard 1.5-5 (unimportant)
 	NOTE: Only affects an example script
 	NOTE: Fix applied: 16_XSS-security-bugfix.patch in 1.5-5
-	NOTE: http://www.openwall.com/lists/oss-security/2016/06/20/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/06/20/2
 CVE-2015-8935 (The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x ...)
 	- php5 5.6.6+dfsg-1
 	[wheezy] - php5 5.4.38-0+deb7u1
@@ -1605,8 +1605,8 @@ CVE-2015-8896 (Integer truncation issue in coders/pict.c in ImageMagick before 7
 	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/07/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/22/4
 CVE-2015-8895 (Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later all ...)
 	{DLA-353-1}
 	- imagemagick 8:6.8.9.9-7 (bug #806441)
@@ -1614,8 +1614,8 @@ CVE-2015-8895 (Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and late
 	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/07/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/22/4
 	NOTE: The issue is only exploitable on 32 bit architectures.
 CVE-2015-8894 (Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and lat ...)
 	- imagemagick 8:6.8.9.9-6 (bug #806442; bug #799524)
@@ -1624,8 +1624,8 @@ CVE-2015-8894 (Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 an
 	[squeeze] - imagemagick <not-affected> (Can't reproduce crash with file)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4f68e9661518463fca523c9726bb5d940a2aa6d8
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/07/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/22/4
 	NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable)
 CVE-2015-8893 (app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07 ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -1719,7 +1719,7 @@ CVE-2015-8869 (OCaml before 4.03.0 does not properly handle sign extensions, whi
 	- ocaml 4.02.3-9 (bug #824139)
 	[jessie] - ocaml <no-dsa> (Minor issue; can be fixed via point release and sheduling binNMUs there)
 	NOTE: https://github.com/ocaml/ocaml/commit/659615c7b100a89eafe6253e7a5b9d84d0e8df74#diff-a97df53e3ebc59bb457191b496c90762
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/1
 	NOTE: Ocaml applications using the patched functions need to be recompiled with the
 	NOTE: fixed ocaml version.
 CVE-2015-8864 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...)
@@ -1729,7 +1729,7 @@ CVE-2015-8864 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail bef
 	NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
 	NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18
 	NOTE: https://github.com/roundcube/roundcubemail/commit/7bbefdb63b12e2344cf1cb87aeb6e3933b4063e0 (release-1.1)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/23/3
 	NOTE: https://lists.debian.org/debian-lts/2016/06/msg00159.html
 CVE-2015-8862 (mustache package before 2.2.1 for Node.js allows remote attackers to c ...)
 	- mustache.js <unfixed> (unimportant)
@@ -1763,7 +1763,7 @@ CVE-2015-8866 (ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6,
 	NOTE: http://framework.zend.com/security/advisory/ZF2015-06 -> Relation to CVE-2015-5161
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9
 	NOTE: Fixed in 5.6.6, 5.5.22
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/21/8
 CVE-2015-8867 (The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in P ...)
 	- php7.0 7.0.0-1
 	- php5 5.6.12+dfsg-1
@@ -1773,20 +1773,20 @@ CVE-2015-8867 (The openssl_random_pseudo_bytes function in ext/openssl/openssl.c
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1534203
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=16023f3e3b9c06cf677c3c980e8d574e4c162827
 	NOTE: Fixed in 7.0.0, 5.6.12, 5.5.28, 5.5.44
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/21/8
 CVE-2015-8853 (The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in  ...)
 	- perl 5.22.1-1 (bug #821848)
 	[jessie] - perl 5.20.2-3+deb8u5
 	[wheezy] - perl <no-dsa> (Minor issue)
 	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=123562
 	NOTE: http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/20/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/20/5
 CVE-2015-8863 (Off-by-one error in the tokenadd function in jv_parse.c in jq allows r ...)
 	- jq 1.5+dfsg-1.1 (low; bug #802231)
 	[jessie] - jq 1.4-2.1+deb8u1
 	NOTE: https://github.com/stedolan/jq/issues/995
 	NOTE: https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/23/1
 CVE-2015-8850
 	RESERVED
 CVE-2015-8849
@@ -1825,7 +1825,7 @@ CVE-2015-8868 (Heap-based buffer overflow in the ExponentialFunction::Exponentia
 	- poppler 0.38.0-3 (bug #822578)
 	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93476
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/12/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/12/1
 CVE-2015-8841 (Heap-based buffer overflow in the Archive support module in ESET NOD32 ...)
 	NOT-FOR-US: ESET NOD32
 CVE-2015-8840 (The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does ...)
@@ -1851,7 +1851,7 @@ CVE-2015-8865 (The file_check_mem function in funcs.c in file before 5.23, as us
 	NOTE: https://bugs.php.net/bug.php?id=71527
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e
 	NOTE: PHP fixed in 7.0.5, 5.6.20, 5.5.34
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/7
 	NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/4e614ba041e24af8351afbb49c92444c0850f23b
 CVE-2015-8839 (Multiple race conditions in the ext4 filesystem implementation in the  ...)
 	{DLA-2241-1}
@@ -1897,19 +1897,19 @@ CVE-2015-8833 (Use-after-free vulnerability in the create_smp_dialog function in
 	NOTE: https://bugs.otr.im/issues/128
 	NOTE: Fixed by: https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94
 	NOTE: Introduced by: https://bugs.otr.im/projects/pidgin-otr/repository/revisions/c276bfa786bef8a4572a37d5633cf40f480d3ae0
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/09/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/09/8
 CVE-2015-8832 (Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.cor ...)
 	- dotclear <removed> (bug #815979)
 	NOTE: https://hg.dotclear.org/dotclear/rev/198580bc3d80
 	NOTE: https://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2
 	NOTE: Fixed upstream in 2.8.2
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/05/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/05/4
 CVE-2015-8831 (Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotc ...)
 	- dotclear <removed> (bug #815979)
 	NOTE: https://hg.dotclear.org/dotclear/rev/65e65154dadf
 	NOTE: https://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2
 	NOTE: Fixed upstream in 2.8.2
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/05/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/05/4
 CVE-2015-8829
 	REJECTED
 CVE-2015-8828
@@ -1938,7 +1938,7 @@ CVE-2015-8818 (The cpu_physical_memory_write_rom_internal function in exec.c in
 	[wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
 	[squeeze] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
 	- qemu-kvm <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/01/10
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63 (v2.4.0-rc0)
 	NOTE: same patchset than CVE-2015-8817
 	NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00065.html
@@ -1948,7 +1948,7 @@ CVE-2015-8817 (QEMU (aka Quick Emulator) built to use 'address_space_translate'
 	[wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
 	[squeeze] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
 	- qemu-kvm <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/01/10
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459 (v2.3.0-rc1)
 	NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=23820dbfc79d1c9dce090b4c555994f2bb6a69b3 (v2.4.0-rc0)
@@ -1956,7 +1956,7 @@ CVE-2015-8817 (QEMU (aka Quick Emulator) built to use 'address_space_translate'
 CVE-2015-8852 (Varnish 3.x before 3.0.7, when used in certain stacked installations,  ...)
 	{DSA-3553-1}
 	- varnish 4.0.0-1 (bug #783510)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/16/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/16/1
 	NOTE: fixed in 3.0.7 upstream, mark as fixed with first 4.x version in unstable
 	NOTE: 4.x not affected
 CVE-2015-8857 (The uglify-js package before 2.4.24 for Node.js does not properly acco ...)
@@ -2012,7 +2012,7 @@ CVE-2015-8812 (drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before
 	{DSA-3503-1 DLA-439-1}
 	- linux 4.4.2-1
 	- linux-2.6 <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/11/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/11/1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303532
 	NOTE: Fixed by: https://git.kernel.org/linus/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3 (v4.5-rc1)
 	NOTE: Introduced by: https://git.kernel.org/linus/04b5d028f50ff05a8f9ae049ee71f8fdfcf1f5de (v2.6.30-rc2)
@@ -2025,7 +2025,7 @@ CVE-2015-8809
 CVE-2015-8808 (The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allo ...)
 	{DSA-3746-1 DLA-484-1}
 	- graphicsmagick 1.3.21-2
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/06/1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e8fa353f53
 CVE-2015-8802
 	REJECTED
@@ -2041,7 +2041,7 @@ CVE-2015-8807 (Cross-site scripting (XSS) vulnerability in the _renderVarInput_n
 	{DSA-3496-1}
 	- php-horde-core 2.22.4+debian0-1 (bug #813590)
 	NOTE: https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/06/4
 CVE-2015-8806 (dict.c in libxml2 allows remote attackers to cause a denial of service ...)
 	{DSA-3593-1 DLA-503-1}
 	- libxml2 2.9.3+dfsg1-1.1 (bug #813613)
@@ -2108,7 +2108,7 @@ CVE-2015-XXXX [Type Confusion Vulnerability in PHP_to_XMLRPC_worker()]
 	NOTE: Workaround entry for DLA-533-1 until CVE is assigned
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=f3c1863aa2721343245b63ac7bd68cfdc3dd41f3
 	NOTE: https://bugs.php.net/bug.php?id=70728
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/02/03/3
 CVE-2015-XXXX [Session WDDX Packet Deserialization Type Confusion Vulnerability]
 	- php5 5.6.17+dfsg-1
 	[jessie] - php5 5.6.17+dfsg-0+deb8u1
@@ -2116,7 +2116,7 @@ CVE-2015-XXXX [Session WDDX Packet Deserialization Type Confusion Vulnerability]
 	NOTE: Workaround entry for DLA-533-1 until CVE is assigned
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1785d2b805f64eaaacf98c14c9e13107bf085ab1
 	NOTE: https://bugs.php.net/bug.php?id=70741
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/02/03/3
 CVE-2015-XXXX [Use-after-free in WDDX Packet Deserialization]
 	- php5 5.6.17+dfsg-1
 	[jessie] - php5 5.6.17+dfsg-0+deb8u1
@@ -2124,7 +2124,7 @@ CVE-2015-XXXX [Use-after-free in WDDX Packet Deserialization]
 	NOTE: Workaround entry for DLA-533-1 until CVE is assigned
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=366f9505a4aae98ef2f4ca39a838f628a324b746
 	NOTE: https://bugs.php.net/bug.php?id=70661
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/02/03/3
 CVE-2015-8792 (The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 al ...)
 	{DSA-3526-1 DLA-420-1}
 	- libmatroska 1.4.4-1
@@ -2147,7 +2147,7 @@ CVE-2015-8787 (The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirec
 	NOTE: https://lkml.org/lkml/2015/12/2/618
 	NOTE: Introduced by: https://git.kernel.org/linus/8b13eddfdf04cbfa561725cfc42d6868fe896f56 (v3.19-rc1)
 	NOTE: Fixed by: https://git.kernel.org/linus/94f9cd81436c85d8c3a318ba92e236ede73752fc (v4.4-rc1)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/27/6
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/27/6
 CVE-2015-8786 (The Management plugin in RabbitMQ before 3.6.1 allows remote authentic ...)
 	- rabbitmq-server 3.6.5-1
 	[jessie] - rabbitmq-server <no-dsa> (Minor issue)
@@ -2161,21 +2161,21 @@ CVE-2015-8783 (tif_luv.c in libtiff allows attackers to cause a denial of servic
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
 	NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/24/3
 CVE-2015-8782 (tif_luv.c in libtiff allows attackers to cause a denial of service (ou ...)
 	{DSA-3467-1 DLA-880-1 DLA-405-1}
 	- tiff 4.0.6-1
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
 	NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/24/3
 CVE-2015-8781 (tif_luv.c in libtiff allows attackers to cause a denial of service (ou ...)
 	{DSA-3467-1 DLA-880-1 DLA-405-1}
 	- tiff 4.0.6-1
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522#0
 	NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/24/3
 CVE-2015-8784 (The NeXTDecode function in tif_next.c in LibTIFF allows remote attacke ...)
 	{DSA-3467-1 DLA-880-1 DLA-405-1}
 	- tiff 4.0.6-1
@@ -2184,7 +2184,7 @@ CVE-2015-8784 (The NeXTDecode function in tif_next.c in LibTIFF allows remote at
 	NOTE: Can be reproduced with tiff compiled with AddressSanitizer
 	NOTE: and the same reproducer file http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
 	NOTE: Commit: https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/24/4
 CVE-2015-XXXX [buffer overflows in init_cups]
 	- cups-filters 1.6.0-1 (unimportant)
 	- foomatic-filters <unfixed> (unimportant)
@@ -2264,7 +2264,7 @@ CVE-2015-8767 (net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not
 	[wheezy] - linux 3.2.73-2+deb7u3
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/linus/635682a14427d241bab7bbdeebb48a7d7b91638e (v4.3-rc4)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/11/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/11/4
 CVE-2015-XXXX [use after free / double free]
 	- lighttpd 1.4.39-1
 	[jessie] - lighttpd <not-affected> (Regression introduced in 1.4.36)
@@ -2317,7 +2317,7 @@ CVE-2015-8604 (SQL injection vulnerability in the host_new_graphs function in gr
 	{DSA-3494-1 DLA-386-1}
 	- cacti 0.8.8f+ds1-4
 	NOTE: http://bugs.cacti.net/view.php?id=2652
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/04/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/04/8
 CVE-2015-8742 (The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c  ...)
 	- wireshark 2.0.1+g59ea380-1
 	[jessie] - wireshark <not-affected> (Only affects 2.x)
@@ -2601,7 +2601,7 @@ CVE-2015-8743 (QEMU (aka Quick Emulator) built with the NE2000 device emulation
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1264929
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00050.html
 	NOTE: Introduced by (at least after): http://git.qemu.org/?p=qemu.git;a=commit;h=69b910399a3c40620a5213adaeb14a37366d97ac
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/04/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/04/1
 CVE-2015-8706
 	RESERVED
 CVE-2015-8705 (buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logg ...)
@@ -2624,7 +2624,7 @@ CVE-2015-8701 (QEMU (aka Quick Emulator) built with the Rocker switch emulation
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced after qemu 2.3)
 	[squeeze] - qemu <not-affected> (Vulnerable code introduced after qemu 2.3)
 	- qemu-kvm <not-affected> (Vulnerable code introduced after qemu 2.3)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/28/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/28/6
 CVE-2015-8700
 	RESERVED
 CVE-2015-8699 (Multiple cross-site scripting (XSS) vulnerabilities in CA Release Auto ...)
@@ -2808,13 +2808,13 @@ CVE-2015-8683 (The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0
 	{DSA-3467-1 DLA-610-1 DLA-402-1}
 	- tiff 4.0.6-1 (bug #809021)
 	- tiff3 <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/25/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/25/1
 	NOTE: https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55
 CVE-2015-8665 (tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a den ...)
 	{DSA-3467-1 DLA-610-1 DLA-402-1}
 	- tiff 4.0.6-1 (bug #808968)
 	- tiff3 <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/24/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/24/2
 	NOTE: https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55
 CVE-2015-8666 (Heap-based buffer overflow in QEMU, when built with the Q35-chipset-ba ...)
 	{DLA-1497-1}
@@ -2826,7 +2826,7 @@ CVE-2015-8666 (Heap-based buffer overflow in QEMU, when built with the Q35-chips
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
 	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb (v2.5.0-rc1)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283722
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/24/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/24/1
 	NOTE: Vulnerable code introduced after 0.14.50: http://git.qemu.org/?p=qemu.git;a=commit;h=23910d3f669d46073b403876e30a7314599633af
 CVE-2015-8660 (The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel t ...)
 	- linux 4.3.3-3
@@ -2835,7 +2835,7 @@ CVE-2015-8660 (The ovl_setattr function in fs/overlayfs/inode.c in the Linux ker
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545 (v4.4-rc4)
 	NOTE: OverlayFS introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/23/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/23/5
 CVE-2015-8659 (The idle stream handling in nghttp2 before 1.6.0 allows attackers to h ...)
 	- nghttp2 1.6.0-1
 	[jessie] - nghttp2 <not-affected> (Vulnerable code introduced later)
@@ -2887,11 +2887,11 @@ CVE-2015-8617 (Format string vulnerability in the zend_throw_or_error function i
 CVE-2015-8616 (Use-after-free vulnerability in the Collator::sortWithSortKeys functio ...)
 	- php7.0 7.0.1-1
 	NOTE: https://bugs.php.net/bug.php?id=71020
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/22/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/22/4
 CVE-2015-8697 (stalin 0.11-5 allows local users to write to arbitrary files. ...)
 	- stalin <unfixed> (unimportant; bug #808730)
 	[squeeze] - stalin <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/27/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/27/1
 	NOTE: Not exploitable with kernel hardening since wheezy
 CVE-2015-8708 (Stack-based buffer overflow in the conv_euctojis function in codeconv. ...)
 	- claws-mail 3.13.1-1.1 (bug #811048)
@@ -2922,7 +2922,7 @@ CVE-2015-8613 (Stack-based buffer overflow in the megasas_ctrl_get_info function
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1284008
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/21/7
 	NOTE: LSI Megaraid SAS HBA emulation introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
 CVE-2015-8618 (The Int.Exp Montgomery code in the math/big library in Go 1.5.x before ...)
 	- golang 2:1.5.3-1 (bug #809168)
@@ -2930,7 +2930,7 @@ CVE-2015-8618 (The Int.Exp Montgomery code in the math/big library in Go 1.5.x b
 	[wheezy] - golang <not-affected> (Introduced in 1.5 release)
 	NOTE: https://go-review.googlesource.com/#/c/17672/
 	NOTE: Introduced in 1.5 release. Fixed in 1.5.3 upstream.
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/21/6
 CVE-2015-8615 (The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 doe ...)
 	{DLA-479-1}
 	- xen 4.8.0~rc3-1 (bug #823620)
@@ -3001,13 +3001,13 @@ CVE-2015-8612 (The EnableNetwork method in the Network class in plugins/mechanis
 	[squeeze] - blueman <not-affected> (vulnerable code not present)
 	NOTE: https://twitter.com/thegrugq/status/677809527882813440
 	NOTE: https://github.com/blueman-project/blueman/commit/a3845bbed5fdddf14daec436b7e74f62719a71c1
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/18/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/18/6
 CVE-2015-8709 (** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 misha ...)
 	- linux 4.3.3-3
 	[jessie] - linux 3.16.7-ckt20-1+deb8u2
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	- linux-2.6 <not-affected> (Vulnerable code not present)
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/17/12
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/12/17/12
 	NOTE: https://lkml.org/lkml/2015/12/12/259
 CVE-2015-8591
 	REJECTED
@@ -3151,7 +3151,7 @@ CVE-2015-8569 (The (1) pptp_bind and (2) pptp_connect functions in drivers/net/p
 	- linux 4.3.3-3
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced later)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/15/7
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1 (v4.4-rc6)
 	NOTE: pptp_{connect,bind} introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=00959ade36acadc00e757f87060bf6e4501d545f (v2.6.37-rc1)
 	NOTE: https://lkml.org/lkml/2015/12/14/252
@@ -3162,7 +3162,7 @@ CVE-2015-8568 (Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual
 	[squeeze] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/15/4
 CVE-2015-8567 (Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause  ...)
 	{DSA-3471-1}
 	- qemu 1:2.5+dfsg-3 (bug #808145)
@@ -3170,7 +3170,7 @@ CVE-2015-8567 (Memory leak in net/vmxnet3.c in QEMU allows remote attackers to c
 	[squeeze] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/15/4
 CVE-2015-8559 (The knife bootstrap command in chef leaks the validator.pem private RS ...)
 	- chef <removed> (low; bug #809670)
 	[buster] - chef <ignored> (Minor issue; workaround using validatorless bootstrapping)
@@ -3179,7 +3179,7 @@ CVE-2015-8559 (The knife bootstrap command in chef leaks the validator.pem priva
 	[wheezy] - chef <ignored> (Minor issue; workaround using validatorless bootstrapping)
 	NOTE: https://github.com/chef/chef/issues/3871
 	NOTE: https://github.com/chef/chef/pull/8885
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/10
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/14/10
 	NOTE: Workaround: use validatorless bootstrapping
 CVE-2015-8558 (The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows loca ...)
 	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
@@ -3188,13 +3188,13 @@ CVE-2015-8558 (The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows
 	- qemu-kvm <removed>
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=156a2e4dbffa85997636a7a39ef12da6f1b40254
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/9
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/14/9
 CVE-2015-8557 (The FontManager._get_nix_font_path function in formatters/img.py in Py ...)
 	{DSA-3445-1 DLA-369-1}
 	- pygments 2.0.1+dfsg-2 (bug #802828)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1276321
 	NOTE: https://bitbucket.org/birkenfeld/pygments-main/commits/0036ab1c99e256298094505e5e92f
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/14/6
 CVE-2015-8548 (Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as ...)
 	{DSA-3418-1}
 	- chromium-browser 47.0.2526.80-1
@@ -3210,7 +3210,7 @@ CVE-2015-8542 (An issue was discovered in Open-Xchange Guard before 2.2.0-rev8.
 	NOT-FOR-US: Open-Xchange
 CVE-2015-8556 (Local privilege escalation vulnerability in the Gentoo QEMU package be ...)
 	- qemu <not-affected> (Issue specific to virtfs-proxy-helper in Gentoo installed suid)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/14/5
 CVE-2015-8785 (The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kern ...)
 	{DSA-3503-1 DLA-412-1}
 	- linux 4.3.5-1
@@ -3218,7 +3218,7 @@ CVE-2015-8785 (The fuse_fill_write_pages function in fs/fuse/file.c in the Linux
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876 (v4.4-rc5)
 	NOTE: Introduced in: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea9b9907b82a09bd1a708004454f7065de77c5b0 (v2.6.26-rc1)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1290642
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/24/1
 CVE-2015-XXXX [remotely triggerable crash]
 	- ruby-eventmachine 1.0.7-1 (bug #678512; bug #696015)
 	[jessie] - ruby-eventmachine 1.0.3-6+deb8u1
@@ -3231,12 +3231,12 @@ CVE-2015-8560 (Incomplete blacklist vulnerability in util.c in foomatic-rip in c
 	[wheezy] - cups-filters <not-affected> (Vulnerable code not present; introduced in 1.0.42)
 	- foomatic-filters 4.0.17-7 (bug #807993)
 	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/13/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/13/2
 CVE-2015-9097 (The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is ...)
 	{DLA-489-1}
 	- ruby-mail 2.6.1+dfsg1-1
 	NOTE: https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/11/3
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/12/11/3
 	NOTE: Fixed in 2.6.0
 	NOTE: "Note that, this patch might not be complete ..." https://bugzilla.redhat.com/show_bug.cgi?id=1293598
 CVE-2015-8547 (The CoreUserInputHandler::doMode function in core/coreuserinputhandler ...)
@@ -3247,7 +3247,7 @@ CVE-2015-8547 (The CoreUserInputHandler::doMode function in core/coreuserinputha
 	NOTE: https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7
 	NOTE: Support for oping a whole channel with /op * was only added in
 	NOTE: https://github.com/quassel/quassel/commit/7ecbc1bf921880f7b03af779de7d9611853a0d46 (0.10-beta1)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/12/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/12/1
 CVE-2015-8541
 	RESERVED
 CVE-2015-8536 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
@@ -3259,7 +3259,7 @@ CVE-2015-8534 (MITRE is populating this ID because it was assigned prior to Leno
 CVE-2015-8540 (Integer underflow in the png_check_keyword function in pngwutil.c in l ...)
 	{DSA-3443-1 DLA-375-1}
 	- libpng <removed> (bug #807694)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/10/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/10/6
 	NOTE: https://sourceforge.net/p/libpng/bugs/244/
 	NOTE: http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/
 	NOTE: Fixed in 1.0.66, 1.2.56, 1.4.19, and 1.5.26
@@ -3269,7 +3269,7 @@ CVE-2015-8543 (The networking implementation in the Linux kernel through 4.3.3,
 	[jessie] - linux 3.16.7-ckt20-1+deb8u1
 	[wheezy] - linux 3.2.73-2+deb7u2
 	- linux-2.6 <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/09/3
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9 (v4.4-rc6)
 CVE-2015-8539 (The KEYS subsystem in the Linux kernel before 4.4 allows local users t ...)
 	- linux <not-affected> (Vulnerable code not present)
@@ -3277,14 +3277,14 @@ CVE-2015-8539 (The KEYS subsystem in the Linux kernel before 4.4 allows local us
 	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd (v4.4-rc3)
 	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=146aa8b1453bd8f1ff2304ffb71b4ee0eb9acdcc (v4.4-rc1)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1284450
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/09/1
 CVE-2015-8538 (dwarf_leb.c in libdwarf allows attackers to cause a denial of service  ...)
 	{DLA-669-1}
 	- dwarfutils 20160507-1 (bug #807817)
 	[jessie] - dwarfutils 20120410-2+deb8u1
 	[squeeze] - dwarfutils <not-affected> (No segfault with provided test case)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1289385
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/09/2
 	NOTE: http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/
 CVE-2015-8533
 	REJECTED
@@ -3398,7 +3398,7 @@ CVE-2015-8504 (Qemu, when built with VNC display driver support, allows remote a
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: Fixed by http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3 (v2.5.0-rc3)
 	NOTE: Issue possibly introduced after http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6cec5487990bf3f1f22b3fcb871978255e92ae0d (v0.10.0)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/08/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/08/4
 CVE-2015-8480 (The VideoFramePool::PoolImpl::CreateFrame function in media/base/video ...)
 	- chromium-browser 47.0.2526.73-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -3445,7 +3445,7 @@ CVE-2015-8537 (app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x b
 	NOTE: https://www.redmine.org/issues/21419 (private)
 	NOTE: https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56
 	NOTE: upstream fixed in 2.6.9, 3.0.6 and 3.1.3
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/08/8
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/08/8
 CVE-2015-8476 (Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 all ...)
 	{DSA-3416-1 DLA-363-1}
 	- libphp-phpmailer 5.2.14+dfsg-1 (bug #807265)
@@ -3459,7 +3459,7 @@ CVE-2015-8474 (Open redirect vulnerability in the valid_back_url function in app
 	NOTE: https://www.redmine.org/issues/19577 (private)
 	NOTE: commit: https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472
 	NOTE: upstream fixed in 2.6.7, 3.0.5 and 3.1.1
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/04/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/04/1
 	NOTE: depends on the CVE-2014-1985 fix first
 CVE-2015-8473 (The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x  ...)
 	{DSA-3529-1}
@@ -3468,7 +3468,7 @@ CVE-2015-8473 (The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3
 	[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
 	NOTE: https://www.redmine.org/issues/21136
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/03/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/03/7
 	NOTE: https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22
 CVE-2015-8465
 	RESERVED
@@ -3632,7 +3632,7 @@ CVE-2015-8400 (The HTTPS fallback implementation in Shell In A Box (aka shellina
 	- shellinabox 2.19
 	[jessie] - shellinabox <no-dsa> (Minor issue)
 	[wheezy] - shellinabox <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/02/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/02/6
 CVE-2015-8377 (SQL injection vulnerability in the host_new_graphs_save function in gr ...)
 	{DSA-3494-1 DLA-374-1}
 	- cacti 0.8.8f+ds1-4
@@ -3669,7 +3669,7 @@ CVE-2015-8378 (In KeePassX before 0.4.4, a cleartext copy of password data is cr
 	[jessie] - keepassx 0.4.3+dfsg-0.1+deb8u1
 	[wheezy] - keepassx <no-dsa> (Minor issue)
 	[squeeze] - keepassx <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/11/30/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/11/30/4
 CVE-2015-8375 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. ...)
 	NOT-FOR-US: PHP-Fusion
 CVE-2015-8368 (ntopng (aka ntop) before 2.2 allows remote authenticated users to chan ...)
@@ -3817,7 +3817,7 @@ CVE-2015-8374 (fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles comp
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <no-dsa> (btrfs in 2.6.32 is just a tech preview and not usable for production)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7 (v4.4-rc1)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/11/27/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/11/27/2
 	NOTE: CVE assignment for the vulnerability with the impact of "User B now
 	NOTE: gets to see the 1000 bytes that user A truncated from its file before
 	NOTE: it made its file world readable"
@@ -3852,7 +3852,7 @@ CVE-2015-8325 (The do_setup_env function in session.c in sshd in OpenSSH through
 	NOTE: Upstream fix: https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
 CVE-2015-XXXX [RCE in gitlab-shell 2.6.6-2.6.7]
 	- gitlab-shell <not-affected> (Only affects version 2.6.6-2.6.7)
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/25/5
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/11/25/5
 CVE-2015-8345 (The eepro100 emulator in QEMU qemu-kvm blank allows local guest users  ...)
 	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
 	- qemu 1:2.5+dfsg-1 (bug #806373)
@@ -3864,7 +3864,7 @@ CVE-2015-8345 (The eepro100 emulator in QEMU qemu-kvm blank allows local guest u
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue, can be fixed along in a later DSA)
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/11/25/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/11/25/3
 CVE-2015-8346 (app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before ...)
 	{DSA-3529-1 DLA-351-1}
 	- redmine 3.2.0-1 (bug #806376)
@@ -3873,7 +3873,7 @@ CVE-2015-8346 (app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x b
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/21150 (private)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/11/25/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/11/25/1
 	NOTE: Commit: https://github.com/redmine/redmine/commit/945a091c94a9ed651f61e225fa8646479478e9d4
 	NOTE: Commit: https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c
 	NOTE: For squeeze, the bug is in app/views/timelog/edit.rhtml
@@ -3894,7 +3894,7 @@ CVE-2015-8326 (The IPTables-Parse module before 1.6 for Perl allows local users
 	[wheezy] - libiptables-parse-perl 1.1-1+deb7u1
 	[squeeze] - libiptables-parse-perl <no-dsa> (Minor issue)
 	NOTE: https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87
-	NOTE: http://www.openwall.com/lists/oss-security/2015/11/24/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/11/24/6
 CVE-2015-8381 (The compile_regex function in pcre_compile.c in PCRE before 8.38 and p ...)
 	- pcre3 2:8.38-1 (bug #796762; bug #795539)
 	[jessie] - pcre3 2:8.35-3.3+deb8u2
@@ -3902,9 +3902,9 @@ CVE-2015-8381 (The compile_regex function in pcre_compile.c in PCRE before 8.38
 	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=1672
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1594
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/24/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/24/1
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=1667
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/05/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/05/3
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1585
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1250943
 CVE-2015-8380 (The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a ...)
@@ -3964,7 +3964,7 @@ CVE-2015-8324 (The ext4 implementation in the Linux kernel before 2.6.34 does no
 	{DLA-360-1}
 	- linux 2.6.37-1
 	- linux-2.6 <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2015/11/23/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/11/23/2
 	NOTE: https://bugs.openvz.org/browse/OVZ-6541
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1267261
 	NOTE: Commit fixing the issue: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=744692dc059845b2a3022119871846e74d4f6e11 (v2.6.34-rc1)
@@ -3974,7 +3974,7 @@ CVE-2015-8316 (Array index error in LightDM (aka Light Display Manager) 1.14.3,
 	- lightdm 1.16.6-1
 	[jessie] - lightdm <not-affected> (Affects 1.14.x, 1.16.x and development 1.17.x)
 	[wheezy] - lightdm <not-affected> (Affects 1.14.x, 1.16.x and development 1.17.x)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/11/21/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/11/21/2
 	NOTE: https://bugs.launchpad.net/lightdm/+bug/15168
 	NOTE: https://bazaar.launchpad.net/~lightdm-team/lightdm/1.14/revision/2166 (1.14.x)
 	NOTE: https://bazaar.launchpad.net/~lightdm-team/lightdm/1.16/revision/2207 (1.16.x)
@@ -4128,7 +4128,7 @@ CVE-2015-8308 (LXDM before 0.5.2 did not start X server with -auth, which allows
 	NOTE: http://git.lxde.org/gitweb/?p=lxde/lxdm.git;a=commitdiff;h=e8f387089e241360bdc6955d3e479450722dcea3
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1268900
 	NOTE: http://advisories.mageia.org/MGASA-2015-0411.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/11/20/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/11/20/2
 CVE-2015-8243
 	RESERVED
 CVE-2015-8240 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, A ...)
@@ -4185,13 +4185,13 @@ CVE-2015-8241 (The xmlNextChar function in libxml2 2.9.2 does not properly check
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756263
 	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
 	NOTE: Introduced/Uncovered by https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (fix for CVE-2015-7941)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/11/17/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/11/17/5
 CVE-2015-8239 (The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 all ...)
 	- sudo 1.8.17p1-1 (bug #805563)
 	[jessie] - sudo <no-dsa> (Minor issue)
 	[wheezy] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher)
 	[squeeze] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/11/10/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/11/10/2
 CVE-2015-8234 (The image signature algorithm in OpenStack Glance 11.0.0 allows remote ...)
 	- glance <unfixed> (unimportant)
 CVE-2015-8219 (The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2. ...)
@@ -4506,10 +4506,10 @@ CVE-2015-8472 (Buffer overflow in the png_set_PLTE function in libpng before 1.0
 CVE-2015-8126 (Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE ...)
 	{DSA-3507-1 DSA-3399-1 DLA-410-1 DLA-343-1}
 	- libpng 1.2.54-1 (bug #805113)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/11/12/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/11/12/2
 	NOTE: Fixed in 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64
 	NOTE: The original patch was incomplete, cf.
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/03/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/03/6
 	NOTE: and fixed in new upstream versions 1.6.20, 1.5.25,
 	NOTE: 1.4.18, 1.2.55, and 1.0.65
 	- chromium-browser 49.0.2623.75-1
@@ -4596,7 +4596,7 @@ CVE-2015-7501 (Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; D
 	- libcommons-collections4-java <unfixed> (unimportant)
 	NOTE: severity unimportant since this is a hardening change, actual vulnerability relies in specific
 	NOTE: https://issues.apache.org/jira/browse/COLLECTIONS-580
-	NOTE: No CVE is expected to be assigned, cf http://www.openwall.com/lists/oss-security/2015/11/17/19
+	NOTE: No CVE is expected to be assigned, cf https://www.openwall.com/lists/oss-security/2015/11/17/19
 	NOTE: Patches for 3.2.x:
 	NOTE: https://github.com/apache/commons-collections/commit/1642b00d67b96de87cad44223efb9ab5b4fb7be5
 	NOTE: https://github.com/apache/commons-collections/commit/5ec476b0b756852db865b2e442180f091f8209ee
@@ -4734,7 +4734,7 @@ CVE-2015-8035 (The xz_decomp function in xzlib.c in libxml2 2.9.1 does not prope
 	NOTE: so it barfs on the problematic file (parser error : Start tag expected,
 	NOTE: '<' not found) even though it does not have the fix yet. The next upstream
 	NOTE: release will fix this issue and will restore XZ support.
-	NOTE: http://www.openwall.com/lists/oss-security/2015/11/02/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/11/02/2
 CVE-2015-7984 (Multiple cross-site request forgery (CSRF) vulnerabilities in Horde be ...)
 	{DSA-3391-1}
 	- php-horde 5.2.8+debian0-1 (bug #803641)
@@ -4788,12 +4788,12 @@ CVE-2015-XXXX [iptables-persistent minor local info leak]
 	[jessie] - iptables-persistent 1.0.3+deb8u1
 	[wheezy] - iptables-persistent 0.5.7+deb7u1
 	[squeeze] - iptables-persistent <no-dsa> (Minor issue)
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/05/5
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/01/05/5
 CVE-2015-XXXX
 	- cinnamon-settings-daemon 2.8.3-1 (low)
 	[jessie] - cinnamon-settings-daemon 2.2.4.repack-7+deb8u1
 	NOTE: https://github.com/linuxmint/cinnamon-settings-daemon/commit/ac5e0be8c1817616dbdb056b6881cfc4660f57a8
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/28/3
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/10/28/3
 CVE-2015-8025 (driver/subprocs.c in XScreenSaver before 5.34 does not properly perfor ...)
 	{DSA-3438-1 DLA-338-1}
 	- xscreensaver 5.34-1 (bug #802914)
@@ -4855,7 +4855,7 @@ CVE-2015-7985 (Valve Steam 2.10.91.91 uses weak permissions (Users: read and wri
 CVE-2015-8019 (The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c i ...)
 	- linux <not-affected> (Vulnerable code not present)
 	- linux-2.6 <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/11
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/27/11
 	NOTE: Only for all stable kernels before v3.19 which have backported commit
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=89c22d8c3b278212eef6a8cc66b570bc840a6f5a
 	NOTE: but are lacking the ioviter conversion.
@@ -4870,7 +4870,7 @@ CVE-2015-7990 (Race condition in the rds_sendmsg function in net/rds/sendmsg.c i
 	- linux 4.2.6-1
 	- linux-2.6 <removed>
 	NOTE: https://lkml.org/lkml/2015/10/16/530
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/27/5
 CVE-2015-7979 (NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to  ...)
 	{DSA-3629-1 DLA-559-1}
 	- ntp 1:4.2.8p7+dfsg-1
@@ -5002,7 +5002,7 @@ CVE-2015-9261 (huft_build in archival/libarchive/decompress_gunzip.c in BusyBox
 	{DLA-1445-1 DLA-337-1}
 	- busybox 1:1.27.2-1 (bug #803097)
 	[stretch] - busybox <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/25/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/25/3
 	NOTE: http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e
 	NOTE: https://git.busybox.net/busybox/commit/archival/libarchive/decompress_gunzip.c?id=6bd3fff51aa74e2ee2d87887b12182a3b09792ef
 CVE-2015-7995 (The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does n ...)
@@ -5010,7 +5010,7 @@ CVE-2015-7995 (The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 d
 	- libxslt 1.1.28-2.1 (bug #802971)
 	[squeeze] - libxslt <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1257962
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/10
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/27/10
 	NOTE: https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617 (v1.1.29-rc1)
 CVE-2015-8982 (Integer overflow in the strxfrm function in the GNU C Library (aka gli ...)
 	- glibc 2.21-1 (bug #803927)
@@ -5042,7 +5042,7 @@ CVE-2015-XXXX [Endlees loop issue]
 	NOTE: https://github.com/relan/exfat/issues/6
 	NOTE: https://crashes.fuzzing-project.org/exfatfsck-endless-loop
 	NOTE: https://github.com/relan/exfat/commit/35a1f77f9be2d8b21731f758baba4334935bf18b
-	NOTE: will possibly not get a CVE, cf. http://www.openwall.com/lists/oss-security/2015/10/29/13
+	NOTE: will possibly not get a CVE, cf. https://www.openwall.com/lists/oss-security/2015/10/29/13
 CVE-2015-8010 (Cross-site scripting (XSS) vulnerability in the Classic-UI with the CS ...)
 	- icinga 1.13.3-3 (bug #803432)
 	[jessie] - icinga <no-dsa> (Minor issue)
@@ -5051,7 +5051,7 @@ CVE-2015-8010 (Cross-site scripting (XSS) vulnerability in the Classic-UI with t
 	NOTE: Introduced by: https://dev.icinga.org/issues/593 in 1.3.
 	NOTE: Upstream issue: https://dev.icinga.org/issues/10453
 	NOTE: Upstream fix: https://dev.icinga.org/projects/icinga-core/repository/revisions/5c816f5d9352c373e9dadb95b63612a96cf96dff
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/23/15
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/23/15
 CVE-2015-7981 (The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1. ...)
 	{DSA-3399-1 DLA-343-1}
 	- libpng 1.2.54-1 (bug #803078)
@@ -5196,7 +5196,7 @@ CVE-2015-7943 (Open redirect vulnerability in the Overlay module in Drupal 7.x b
 	- drupal7 7.41-1
 	[jessie] - drupal7 7.32-1+deb8u9
 	NOTE: https://www.drupal.org/SA-CORE-2015-004
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/21/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/21/6
 	NOTE: http://cgit.drupalcode.org/drupal/commit/?id=9f72251c9291b5613acb9ca4ea7a51b4739e3f93
 CVE-2015-7885 (The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in th ...)
 	- linux 4.4.2-1 (unimportant)
@@ -5325,10 +5325,10 @@ CVE-2015-7872 (The key_gc_unused_keys function in security/keys/gc.c in the Linu
 	NOTE: Prerequisite for Fedora patches: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94c4554ba07adbdde396748ee7ae01e86cf2d8d7
 	NOTE: Patches from Fedora: http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?id=d76d5fe34b5c151ad83761160998b1075729b541
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61 (v4.3-rc7)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/20/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/20/5
 CVE-2015-8013 (s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of pas ...)
 	- node-openpgp <itp> (bug #787774)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/13/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/13/7
 CVE-2015-7840 (The command line management console (CMC) in SolarWinds Log and Event  ...)
 	NOT-FOR-US: SolarWinds
 CVE-2015-7839 (SolarWinds Log and Event Manager (LEM) allows remote attackers to exec ...)
@@ -5427,14 +5427,14 @@ CVE-2015-8011 (Buffer overflow in the lldp_decode function in daemon/protocols/l
 	[wheezy] - lldpd <not-affected> (Vulnerable code not present)
 	[squeeze] - lldpd <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/16/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/16/2
 CVE-2015-8012 (lldpd before 0.8.0 allows remote attackers to cause a denial of servic ...)
 	- lldpd 0.7.19-1
 	[jessie] - lldpd 0.7.11-2+deb8u1
 	[wheezy] - lldpd <not-affected> (Vulnerable code not present)
 	[squeeze] - lldpd <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/18/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/18/2
 CVE-2015-XXXX [cakephp: XML class SSRF vulnerability]
 	- cakephp 2.6.7-1 (bug #832283)
 	[jessie] - cakephp <no-dsa> (Minor issue)
@@ -5455,9 +5455,9 @@ CVE-2015-7810 (libbluray MountManager class has a time-of-check time-of-use (TOC
 	[jessie] - libbluray <no-dsa> (Minor issue, too intrusive to backport)
 	[wheezy] - libbluray <no-dsa> (Minor issue)
 	NOTE: CVE was assigned specific to the Fedora packages, cf.
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/12/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/12/7
 	NOTE: Salvatored asked if Debian needs a separate CVE:
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/13/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/13/6
 	NOTE: No reply, so we'll just use the same ID
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=959434
 CVE-2015-7808 (The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 t ...)
@@ -5703,20 +5703,20 @@ CVE-2015-7758 (Gummi 0.6.5 allows local users to write to arbitrary files via a
 	- gummi 0.6.5-6 (bug #756432)
 	[jessie] - gummi 0.6.5-3+deb8u1
 	[wheezy] - gummi 0.6.3-1.2+deb7u2
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/08/4
 CVE-2015-7740 (Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P ...)
 	NOT-FOR-US: ARM Mali GPU driver
 CVE-2015-7545 (The (1) git-remote-ext and (2) unspecified other remote helper program ...)
 	{DSA-3435-1}
 	- git 1:2.6.1-1
 	[squeeze] - git <not-affected> (git 1.7.2 did not have git-remote-ext yet)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/06/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/06/1
 CVE-2015-7747 (Buffer overflow in the afReadFrames function in audiofile (aka libaudi ...)
 	- audiofile 0.3.6-3 (bug #801102)
 	[jessie] - audiofile 0.3.6-2+deb8u1
 	[wheezy] - audiofile <no-dsa> (Minor issue)
 	[squeeze] - audiofile <not-affected> (Vulnerable code introduced later)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/06/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/06/2
 CVE-2015-7705 (The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4 ...)
 	- ntp 1:4.2.8p4+dfsg-3
 	[jessie] - ntp <no-dsa> (Default config not affected)
@@ -5820,10 +5820,10 @@ CVE-2015-7713 (OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x befo
 	[jessie] - nova <no-dsa> (Minor issue)
 	[wheezy] - nova <no-dsa> (Minor issue)
 	NOTE: <=2014.2.3, >=2015.1.0, <=2015.1.1
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/05/10
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/05/10
 CVE-2015-XXXX [Remotely triggerable buffer overflow in OpenSMTPD]
 	- opensmtpd 5.7.3p1-1
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/04/2
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/10/04/2
 	NOTE: Fixed with 5.7.3 upstream release
 CVE-2015-7687 (Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote a ...)
 	- opensmtpd 5.7.3p1-1 (bug #800787)
@@ -5833,7 +5833,7 @@ CVE-2015-7686 (Algorithmic complexity vulnerability in Address.pm in the Email-A
 	[jessie] - libemail-address-perl <no-dsa> (Minor issue)
 	[wheezy] - libemail-address-perl <no-dsa> (Minor issue)
 	[squeeze] - libemail-address-perl <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/02/13
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/02/13
 	NOTE: Possibility of DoS vs. usability issue for Email::Address
 	NOTE: Mitigation: https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae
 CVE-2015-7671
@@ -5954,7 +5954,7 @@ CVE-2015-7612 (Multiple cross-site request forgery (CSRF) vulnerabilities in the
 	NOT-FOR-US: McAfee
 CVE-2015-7665 (Tails before 1.7 includes the wget program but does not prevent automa ...)
 	NOT-FOR-US: wget as used in Tails
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/10
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/01/10
 CVE-2015-7613 (Race condition in the IPC object implementation in the Linux kernel th ...)
 	{DSA-3372-1 DLA-325-1}
 	- linux 4.2.3-1
@@ -5976,7 +5976,7 @@ CVE-2015-7673 (io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its a
 	{DSA-3378-1 DLA-434-1}
 	- gdk-pixbuf 2.32.0-1
 	- gtk+2.0 2.21.5-1
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/01/3
 	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d
 	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c
 	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e
@@ -5985,11 +5985,11 @@ CVE-2015-8875 (Multiple integer overflows in the (1) pixops_composite_nearest, (
 	{DSA-3589-1 DLA-450-1}
 	- gdk-pixbuf 2.34.0-1
 	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22 (2.33.1)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/12/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/12/3
 CVE-2015-7674 (Integer overflow in the pixops_scale_nearest function in pixops/pixops ...)
 	{DSA-3378-1 DLA-450-1 DLA-434-1}
 	- gdk-pixbuf 2.32.1-1
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/01/4
 	NOTE: Fix for CVE-2015-7674: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa (2.32.1)
 	NOTE: Additional hardening against further overflows (but not part of the CVE assignment): https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22 (2.33.1)
 	NOTE: The CVE is only assigned for the overflow in the pixops_scale_nearest function.
@@ -6123,7 +6123,7 @@ CVE-2015-7575 (Mozilla Network Security Services (NSS) before 3.20.2, as used in
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/7d9d5c61f8445dc9e9ca47bb575c77cef17da17a
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/0e3fc7881d37246fc2d51dc404cad95b205c0e1e
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/6822a37947d4e38c45b1afc0121cda35ba897182
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/05/8
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/05/8
 	NOTE: http://www.mitls.org/pages/attacks/SLOTH
 CVE-2015-7574
 	REJECTED
@@ -6194,7 +6194,7 @@ CVE-2015-7554 (The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows
 	- tiff 4.0.7-7 (bug #809066; bug #842043; bug #850316)
 	[jessie] - tiff 4.0.3-12.3+deb8u4
 	- tiff3 <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/26/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/26/7
 	NOTE: SUSE seem to have a fix (disputed): https://bugzilla.suse.com/show_bug.cgi?id=960341
 	NOTE: Reproducer file here: https://bugzilla.suse.com/attachment.cgi?id=665389
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2564
@@ -6680,7 +6680,7 @@ CVE-2015-8076 (The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before
 	- cyrus-imapd-2.4 2.4.17+nocaldav-2
 	[jessie] - cyrus-imapd-2.4 2.4.17+nocaldav-0~deb8u1
 	[wheezy] - cyrus-imapd-2.4 <no-dsa> (Minor issue; can be fixed alone in a future DLA)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/29/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/29/2
 	NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
 	NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b
 CVE-2015-7383 (Multiple cross-site scripting (XSS) vulnerabilities in Web Reference D ...)
@@ -6743,7 +6743,7 @@ CVE-2015-XXXX [DoS]
 	NOTE: No CVE will be assigned for behaviour change between 1.907 and 1.908
 	NOTE: See CVE-2015-7686 for the underlying CWE-407 ("Algorithmic Complexity")
 	NOTE: issue still present in 1.908
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/02/13
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/02/13
 CVE-2015-7359 (The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in ...)
 	NOT-FOR-US: TrueCrypt
 CVE-2015-7358 (The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7. ...)
@@ -6889,7 +6889,7 @@ CVE-2015-7296 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W
 	NOT-FOR-US: Securifi Almond devices
 CVE-2015-7294 (ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP inj ...)
 	NOT-FOR-US: NodeJS ldapauth
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/18/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/18/4
 	NOTE: https://github.com/vesse/node-ldapauth-fork/issues/21
 	NOTE: https://github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4
 	NOTE: https://nodesecurity.io/advisories/19
@@ -7039,7 +7039,7 @@ CVE-2015-7295 (hw/virtio/virtio.c in the Virtual Network Device (virtio-net) sup
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along in a later DSA)
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/18/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/18/5
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04729.html
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04730.html
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04731.html
@@ -7727,7 +7727,7 @@ CVE-2015-7236 (Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c
 	- rpcbind 0.2.1-6.1 (bug #799307)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=946204
 	NOTE: http://www.spinics.net/lists/linux-nfs/msg53045.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/17/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/17/1
 CVE-2015-6961 (Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows  ...)
 	- web2py 2.12.3-1
 	[jessie] - web2py <ignored> (Minor issue)
@@ -7783,10 +7783,10 @@ CVE-2015-7989 (Cross-site scripting (XSS) vulnerability in the user list table i
 	{DSA-3383-1 DSA-3375-1 DLA-321-1}
 	- wordpress 4.3.1+dfsg-1 (bug #799140)
 	NOTE: https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/26/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/26/7
 CVE-2015-7337 (The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x ...)
 	- ipython <not-affected> (Affects versions 3.0 to 3.2.1)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/16/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/16/3
 CVE-2015-7940 (The Bouncy Castle Java library before 1.51 does not validate a point i ...)
 	{DSA-3417-1 DLA-361-1}
 	- bouncycastle 1.51-1 (bug #802671)
@@ -7815,7 +7815,7 @@ CVE-2015-8871 (Use-after-free vulnerability in the opj_j2k_write_mco function in
 	NOTE: https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f
 	NOTE: https://github.com/uclouvain/openjpeg/issues/563
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1263359
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/15/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/15/4
 CVE-2015-6930
 	RESERVED
 CVE-2015-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks  ...)
@@ -8006,13 +8006,13 @@ CVE-2015-6908 (The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2
 	- openldap 2.4.42+dfsg-2 (bug #798622)
 	NOTE: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
 	NOTE: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240;selectid=8240
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/11/2
 CVE-2015-7312 (Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3 ...)
 	- linux 4.2.1-1 (bug #796036)
 	[jessie] - linux 3.16.7-ckt11-1+deb8u4
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	- linux-2.6 <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/10/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/10/3
 	NOTE: http://sourceforge.net/p/aufs/mailman/message/34449209/
 	NOTE: For Linux kernel with aufs aufs3-mmap.patch or aufs4-mmap.patch mmap patch
 CVE-2015-6855 (hw/ide/core.c in QEMU does not properly restrict the commands accepted ...)
@@ -8021,7 +8021,7 @@ CVE-2015-6855 (hw/ide/core.c in QEMU does not properly restrict the commands acc
 	- qemu-kvm <removed>
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/10/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/10/1
 	NOTE: Fix commit: http://git.qemu.org/?p=qemu.git;a=commit;h=d9033e1d3aa666c5071580617a57bd853c5d794a
 	NOTE: exec_cmd introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=7cff87ff6ab117799e32e42c2e4dc4c0588e583a
 	NOTE: cmd_table introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=844505b12e722d9ba7060480e766351fc6313501
@@ -8127,34 +8127,34 @@ CVE-2015-XXXX [hardening for RSA-CRT leak]
 	- libgcrypt20 1.6.4-3
 	[jessie] - libgcrypt20 <no-dsa> (Minor issue; additional hardening)
 	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b85c8d6645039fc9d403791750510e439731d479
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/08/5
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/09/08/5
 	NOTE: Thread on oss-security to clarify if this should be CVE-2015-5738 or a new CVE
 CVE-2015-6838 (The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ...)
 	{DSA-3358-1 DLA-341-1}
 	- php5 5.6.13+dfsg-1
 	- hhvm 3.12.1+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=69782
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/07/5
 	NOTE: Fixed in 5.5.45 and 5.6.13
 	NOTE: https://github.com/facebook/hhvm/commit/f358ec0e905df41feaa9dc75f4dee814cfe5a60a
 CVE-2015-6837 (The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ...)
 	{DSA-3358-1 DLA-341-1}
 	- php5 5.6.13+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=69782
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/07/5
 	NOTE: Fixed in 5.5.45 and 5.6.13
 CVE-2015-6836 (The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45,  ...)
 	{DSA-3358-1 DLA-341-1}
 	- php5 5.6.13+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=70388
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/07/5
 	NOTE: Fixed in 5.5.45 and 5.6.13
 CVE-2015-6835 (The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, an ...)
 	{DSA-3358-1}
 	- php5 5.6.13+dfsg-1
 	[squeeze] - php5 <no-dsa> (Too intrusive to backport)
 	NOTE: https://bugs.php.net/bug.php?id=70219
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/07/5
 	NOTE: Fixed in 5.5.45 and 5.6.13
 CVE-2015-6834 (Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x be ...)
 	{DSA-3358-1 DLA-341-1}
@@ -8162,18 +8162,18 @@ CVE-2015-6834 (Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5
 	NOTE: https://bugs.php.net/bug.php?id=70172
 	NOTE: https://bugs.php.net/bug.php?id=70365
 	NOTE: https://bugs.php.net/bug.php?id=70366
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/07/5
 	NOTE: Fixed in 5.5.45 and 5.6.13
 CVE-2015-7225 (Tinfoil Devise-two-factor before 2.0.0 does not strictly follow sectio ...)
 	- ruby-devise-two-factor 2.0.0-1 (bug #798466)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/06/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/06/2
 CVE-2015-8777 (The process_envvars function in elf/rtld.c in the GNU C Library (aka g ...)
 	{DSA-3480-1 DLA-316-1}
 	- glibc 2.21-1 (bug #798316; bug #801691)
 	[jessie] - glibc 2.19-18+deb8u2
 	- eglibc <removed>
 	[squeeze] - eglibc 2.11.3-4+deb6u7
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/05/8
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/05/8
 	NOTE: Upstream bug https://sourceware.org/bugzilla/show_bug.cgi?id=18928
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a014cecd82b71b70a6a843e250e06b541ad524f7
 CVE-2015-6815 (The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1  ...)
@@ -8182,7 +8182,7 @@ CVE-2015-6815 (The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
 	- qemu-kvm <removed>
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/04/4
 	NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
 CVE-2015-6816 (ganglia-web before 3.7.1 allows remote attackers to bypass authenticat ...)
 	- ganglia-web <unfixed> (unimportant; bug #798213)
@@ -8190,7 +8190,7 @@ CVE-2015-6816 (ganglia-web before 3.7.1 allows remote attackers to bypass authen
 	[squeeze] - ganglia <not-affected> (affected code not present)
 	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
 	NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/04/2
 	NOTE: https://github.com/ganglia/ganglia-web/issues/267
 CVE-2015-6817 (PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows r ...)
 	- pgbouncer 1.6.1-1
@@ -8199,7 +8199,7 @@ CVE-2015-6817 (PgBouncer 1.6.x before 1.6.1, when configured with auth_user, all
 	[squeeze] - pgbouncer <not-affected> (Introduced in 1.6)
 	NOTE: http://web.archive.org/web/20150905195759/http://pgbouncer.github.io/2015/09/pgbouncer-1-6-1/
 	NOTE: https://github.com/pgbouncer/pgbouncer/issues/69
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/04/3
 CVE-2015-XXXX [val_dane_check: usage DANE-TA(2) may bypass cert validation entirely]
 	[experimental] - dnsval 2.1-1
 	- dnsval 2.0-2 (bug #797470)
@@ -8211,7 +8211,7 @@ CVE-2015-XXXX [Memory corruption]
 	[squeeze] - libvncserver 0.9.7-2+deb6u2
 	NOTE: workaround entry for DLA-380-1 until/if CVE assigned
 	NOTE: https://github.com/LibVNC/libvncserver/commit/804335f9d296440bb708ca844f5d89b58b50b0c6
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/03/8
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/09/03/8
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=706087#c1 notes that the fix breaks ABI
 CVE-2015-6938 (Cross-site scripting (XSS) vulnerability in the file browser in notebo ...)
 	- ipython 2.4.1-1 (low; bug #798886)
@@ -8219,7 +8219,7 @@ CVE-2015-6938 (Cross-site scripting (XSS) vulnerability in the file browser in n
 	[wheezy] - ipython <no-dsa> (Minor issue)
 	[squeeze] - ipython <not-affected> (Vulnerable code not present)
 	NOTE: Affected versions: 0.12 <= x <= 4.0
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/02/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/02/3
 CVE-2015-6804
 	RESERVED
 CVE-2015-6803
@@ -8477,12 +8477,12 @@ CVE-2015-6806 (The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier d
 	{DSA-3352-1 DLA-305-1}
 	- screen 4.3.1-2 (bug #797624)
 	NOTE: https://savannah.gnu.org/bugs/?45713
-	NOTE: http://www.openwall.com/lists/oss-security/2015/09/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/09/01/1
 CVE-2015-6749 (Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis- ...)
 	{DLA-1010-1 DLA-317-1}
 	- vorbis-tools 1.4.0-7 (bug #797461)
 	[jessie] - vorbis-tools 1.4.0-6+deb8u1
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/29/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/29/1
 	NOTE: https://trac.xiph.org/ticket/2212
 CVE-2015-6741
 	RESERVED
@@ -8499,7 +8499,7 @@ CVE-2015-6748 (Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. .
 	NOTE: https://github.com/jhy/jsoup/pull/582
 	NOTE: https://hibernate.atlassian.net/browse/HV-1012
 	NOTE: https://issues.jboss.org/browse/WFLY-5223
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/28/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/28/3
 CVE-2015-6726
 	RESERVED
 CVE-2015-6725 (The ANSendForSharedReview method in Adobe Reader and Acrobat 10.x befo ...)
@@ -8958,36 +8958,36 @@ CVE-2015-6661 (Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attacker
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2015-003
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/21/5
 CVE-2015-6660 (The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not pr ...)
 	{DSA-3346-1}
 	- drupal7 7.39-1
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2015-003
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/21/5
 CVE-2015-6659 (SQL injection vulnerability in the SQL comment filtering system in the ...)
 	{DSA-3346-1}
 	- drupal7 7.39-1
 	NOTE: https://www.drupal.org/SA-CORE-2015-003
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/21/5
 CVE-2015-6658 (Cross-site scripting (XSS) vulnerability in the Autocomplete system in ...)
 	{DSA-3346-1}
 	- drupal7 7.39-1
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2015-003
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/21/5
 CVE-2015-6665 (Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal ...)
 	{DSA-3346-1}
 	- drupal7 7.39-1
 	NOTE: https://www.drupal.org/SA-CORE-2015-003
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/21/5
 CVE-2015-6673 (Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. ...)
 	{DLA-2035-1}
 	- libpgf 6.14.12-3.2 (bug #798032)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/14
-	NOTE: Details on the CVE assignment: http://www.openwall.com/lists/oss-security/2015/08/25/9
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/19/14
+	NOTE: Details on the CVE assignment: https://www.openwall.com/lists/oss-security/2015/08/25/9
 	NOTE: https://sourceforge.net/p/libpgf/code/147/
 	NOTE: https://sourceforge.net/p/libpgf/code/148/
 CVE-2015-6527 (The php_str_replace_in_subject function in ext/standard/string.c in PH ...)
@@ -9026,7 +9026,7 @@ CVE-2015-6833 (Directory traversal vulnerability in the PharData class in PHP be
 	{DSA-3344-1 DLA-341-1}
 	- php5 5.6.12+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=70019
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/19/3
 	NOTE: Fixed upstream in 5.4.44 and 5.6.12
 CVE-2015-6831 (Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5 ...)
 	{DSA-3344-1 DLA-341-1}
@@ -9035,13 +9035,13 @@ CVE-2015-6831 (Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.
 	NOTE: https://bugs.php.net/bug.php?id=70168
 	NOTE: https://bugs.php.net/bug.php?id=70166
 	NOTE: https://bugs.php.net/bug.php?id=70155
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/19/3
 	NOTE: Fixed upstream in 5.4.44 and 5.6.12
 CVE-2015-6832 (Use-after-free vulnerability in the SPL unserialize implementation in  ...)
 	{DSA-3344-1 DLA-341-1}
 	- php5 5.6.12+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=70068
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/19/3
 	NOTE: Fixed upstream in 5.4.44 and 5.6.12
 CVE-2015-6505
 	RESERVED
@@ -9563,7 +9563,7 @@ CVE-2015-6526 (The perf_callchain_user_64 function in arch/powerpc/perf/callchai
 	[wheezy] - linux 3.2.71-1
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (powerpc not supported in Squeeze LTS)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/18/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/18/4
 	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a5cbce421a283e6aea3c4007f141735bf9da8c3 (v4.1-rc1)
 CVE-2015-6252 (The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux ker ...)
 	{DSA-3364-1}
@@ -10140,7 +10140,7 @@ CVE-2015-5986 (openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.
 CVE-2015-6496 (conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that t ...)
 	{DSA-3341-1 DLA-295-1}
 	- conntrack 1:1.4.2-3 (bug #796103)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/14/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/14/4
 	NOTE: http://bugzilla.netfilter.org/show_bug.cgi?id=910
 	NOTE: https://git.netfilter.org/conntrack-tools/commit/?id=c392c159605956c7bd4a264ab4490e2b2704c0cd
 CVE-2015-5985
@@ -10191,26 +10191,26 @@ CVE-2015-6506 (Cross-site scripting (XSS) vulnerability in the cryptography inte
 	[jessie] - request-tracker4 4.2.8-3+deb8u1
 	[wheezy] - request-tracker4 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d1c7767d8484c4
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/13/8
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/13/8
 CVE-2015-6565 (sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY de ...)
 	- openssh <not-affected> (Vulnerable code introduce in V_6_8_P1)
 	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=6f941396b6835ad18018845f515b0c4fe20be21a
 	NOTE: Issue introduced with https://anongit.mindrot.org/openssh.git/commit/?id=a5883d4eccb94b16c355987f58f86a7dee17a0c2 (V_6_8_P1)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/12/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/12/1
 CVE-2015-6563 (The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD pla ...)
 	{DLA-1500-1}
 	- openssh 1:6.9p1-1 (bug #795711)
 	[wheezy] - openssh <no-dsa> (Minor issue)
 	[squeeze] - openssh <no-dsa> (Minor issue)
 	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/9
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/11/9
 CVE-2015-6564 (Use-after-free vulnerability in the mm_answer_pam_free_ctx function in ...)
 	{DLA-1500-1}
 	- openssh 1:6.9p1-1 (bug #795711)
 	[wheezy] - openssh <no-dsa> (Minor issue)
 	[squeeze] - openssh <no-dsa> (Minor issue)
 	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=5e75f5198769056089fb06c4d738ab0e5abc66f7
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/9
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/11/9
 CVE-2015-6737 (Cross-site scripting (XSS) vulnerability in the Widgets extension for  ...)
 	NOT-FOR-US: Widgets extension for MediaWiki
 	NOTE: https://phabricator.wikimedia.org/T88964
@@ -10271,7 +10271,7 @@ CVE-2015-5960 (Mozilla Firefox OS before 2.2 allows physically proximate attacke
 	NOT-FOR-US: Mozilla Firefox OS
 CVE-2015-6520 (IPPUSBXD before 1.22 listens on all interfaces, which allows remote at ...)
 	- ippusbxd 1.22-1 (bug #795162)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/11/1
 	NOTE: https://github.com/tillkamppeter/ippusbxd/commit/46844402bca7a38fc224483ba6f0a93c4613203f
 	NOTE: https://github.com/tillkamppeter/ippusbxd/commit/a632841f8e65d402e13e81921515f5a1e2736c82
 CVE-2015-XXXX [publicfile-installer: insecure use of /tmp]
@@ -10282,12 +10282,12 @@ CVE-2015-XXXX [net/http: broken trailers don't close a server connection]
 	[wheezy] - golang <no-dsa> (Minor issue)
 	NOTE: https://github.com/golang/go/issues/12027
 	NOTE: https://github.com/golang/go/commit/26049f6f9171d1190f3bbe05ec304845cfe6399f
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/06/2
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/08/06/2
 CVE-2015-6251 (Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4 ...)
 	{DSA-3334-1}
 	- gnutls28 3.3.17-1 (bug #795068)
 	- gnutls26 <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/10/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/10/1
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12
 	NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2015-3
 	NOTE: _gnutls_x509_dn_to_string() introduced in 3.1.10 via:
@@ -10754,7 +10754,7 @@ CVE-2015-5745 (Buffer overflow in the send_control_msg function in hw/char/virti
 	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
 	- qemu-kvm <removed>
 	[squeeze] - qemu-kvm <not-affected> (Vulnerable code introduced later)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/06/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/06/3
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=7882080388be5088e72c425b02223c02e6cb4295 (v2.4.0-rc3)
 	NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=98b19252cf1bd97c54bc4613f3537c5ec0aae263 (v0.13.0-rc0)
 	NOTE: Patch for wheezy needs change since uses iov_from_buf:
@@ -10975,7 +10975,7 @@ CVE-2015-8383 (PCRE before 8.38 mishandles certain repeated conditional groups,
 	[wheezy] - pcre3 <not-affected> (vulnerable coded introduce in 8.34)
 	[squeeze] - pcre3 <not-affected> (vulnerable code introduced in 8.34)
 	NOTE: Fixed in 8.38
-	NOTE: http://www.openwall.com/lists/oss-security/2015/11/29/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/11/29/1
 	NOTE: Fixed by http://vcs.pcre.org/pcre?view=revision&revision=1557
 	NOTE: Introduced by/first bad commit: http://vcs.pcre.org/pcre?view=revision&revision=1365
 CVE-2015-8382 (The match function in pcre_exec.c in PCRE before 8.37 mishandles the / ...)
@@ -10986,7 +10986,7 @@ CVE-2015-8382 (The match function in pcre_exec.c in PCRE before 8.37 mishandles
 	NOTE: http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502&r2=1510
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=1537
 	NOTE: Fixed upstream in upstream release pcre-8.37
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/04/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/04/2
 CVE-2015-XXXX [more to CVE-2015-2059]
 	- libidn 1.32-1
 	[jessie] - libidn 1.29-1+deb8u1
@@ -11005,26 +11005,26 @@ CVE-2015-XXXX [Sidekiq::Web lacks CSRF protection]
 	NOTE: Fix released in sidekiq 3.4.2
 	NOTE: Follow-up fix: https://github.com/mperham/sidekiq/commit/75a3524c919857aac16e0541b0cb107f48d00694
 	NOTE: Follow-up commit not included in 3.4.2~dfsg-1
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/08/01/2
 CVE-2015-XXXX [XSS via job arguments display class in Sidekiq::Web]
 	- ruby-sidekiq 3.4.2~dfsg-3
 	[jessie] - ruby-sidekiq <no-dsa> (Minor issue)
 	NOTE: https://github.com/mperham/sidekiq/pull/2309
 	NOTE: Fixed by https://github.com/mperham/sidekiq/commit/54766f336620ca0ce3b0b87a7a56382496e64b61
 	NOTE: Fix released in sidekiq 3.4.0
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/08/01/2
 CVE-2015-XXXX [XSS via queue name in Sidekiq::Web]
 	- ruby-sidekiq 3.4.2~dfsg-3
 	[jessie] - ruby-sidekiq <no-dsa> (Minor issue)
 	NOTE: https://github.com/mperham/sidekiq/issues/2330
 	NOTE: Fixed by https://github.com/mperham/sidekiq/commit/2178d66b6686fbf4430223c34c184a64c9906828
 	NOTE: Fix released in sidekiq 3.4.0
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/08/01/2
 CVE-2015-5707 (Integer overflow in the sg_start_req function in drivers/scsi/sg.c in  ...)
 	{DSA-3329-1 DLA-310-1}
 	- linux 4.1.3-1
 	- linux-2.6 <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/01/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/01/6
 	NOTE: Probably introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=10db10d144c0248f285242f79daf6b9de6b00a62 (v2.6.28-rc1)
 	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81 (v4.1-rc1)
 	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee (v4.1-rc1)
@@ -11033,7 +11033,7 @@ CVE-2015-5706 (Use-after-free vulnerability in the path_openat function in fs/na
 	[jessie] - linux 3.16.7-ckt11-1+deb8u3
 	[wheezy] - linux <not-affected> (Introduced in v3.11-rc1)
 	- linux-2.6 <not-affected> (Introduced in v3.11-rc1)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/01/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/01/5
 	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=60545d0d4610b02e55f65d141c95b18ccf855b6e (v3.11-rc1)
 	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f15133df088ecadd141ea1907f2c96df67c729f0 (v4.1-rc3)
 CVE-2015-5702
@@ -11050,7 +11050,7 @@ CVE-2015-5704 (scripts/licensecheck.pl in devscripts before 2.15.7 allows local
 	[wheezy] - devscripts <not-affected> (Vulnerable code not present)
 	[squeeze] - devscripts <not-affected> (Vulnerable code not present)
 	NOTE: Introduced in https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=025ad4ea8ba92d32bd698a83149f782c17f78bf0 (v2.15.5)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/01/1
 CVE-2015-5699 (The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux ...)
 	NOT-FOR-US: Cumulus Linux
 	NOTE: https://lists.cumulusnetworks.com/pipermail/cumulus-security-announce/2015-July/000002.html
@@ -11234,7 +11234,7 @@ CVE-2015-5697 (The get_bitmap_file function in drivers/md/md.c in the Linux kern
 	- linux 4.1.3-1
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16 (v4.2-rc6)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/28/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/28/2
 CVE-2015-5620
 	RESERVED
 CVE-2015-5619 (Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack out ...)
@@ -11425,13 +11425,13 @@ CVE-2015-XXXX [integer overflow]
 	[jessie] - freexl 1.0.0g-1+deb8u2
 	[wheezy] - freexl 1.0.0b-1+deb7u2
 	NOTE: For the issue fixed in DSA-3310-1 not yet CVEified
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/06/7
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/07/06/7
 CVE-2015-XXXX [SQL Injection in host_templates.php]
 	- cacti 0.8.8e+ds1-1
 	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
 	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
 	[squeeze] - cacti 0.8.7g-1+squeeze7
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/07/18/4
 	NOTE: http://bugs.cacti.net/view.php?id=2584
 	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
 CVE-2015-XXXX [SQL Injection in graph_templates.php]
@@ -11439,7 +11439,7 @@ CVE-2015-XXXX [SQL Injection in graph_templates.php]
 	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
 	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
 	[squeeze] - cacti 0.8.7g-1+squeeze7
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/07/18/4
 	NOTE: http://bugs.cacti.net/view.php?id=2583
 	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
 CVE-2015-XXXX [SQL Injection in data_templates.php]
@@ -11447,7 +11447,7 @@ CVE-2015-XXXX [SQL Injection in data_templates.php]
 	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
 	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
 	[squeeze] - cacti 0.8.7g-1+squeeze7
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/07/18/4
 	NOTE: http://bugs.cacti.net/view.php?id=2582
 	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
 CVE-2015-XXXX [SQL Injection in cdef.php]
@@ -11455,7 +11455,7 @@ CVE-2015-XXXX [SQL Injection in cdef.php]
 	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
 	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
 	[squeeze] - cacti 0.8.7g-1+squeeze7
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/07/18/4
 	NOTE: http://bugs.cacti.net/view.php?id=2580
 	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
 CVE-2015-XXXX [SQL Injection Vulnerability in data sources]
@@ -11463,7 +11463,7 @@ CVE-2015-XXXX [SQL Injection Vulnerability in data sources]
 	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
 	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
 	[squeeze] - cacti 0.8.7g-1+squeeze7
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/07/18/4
 	NOTE: http://bugs.cacti.net/view.php?id=2579
 	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
 CVE-2015-XXXX [SQL Injection Vulnerability in graph items and graph template items]
@@ -11471,7 +11471,7 @@ CVE-2015-XXXX [SQL Injection Vulnerability in graph items and graph template ite
 	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
 	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
 	[squeeze] - cacti 0.8.7g-1+squeeze7
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/07/18/4
 	NOTE: http://bugs.cacti.net/view.php?id=2574
 	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
 CVE-2015-5590 (Stack-based buffer overflow in the phar_fix_filepath function in ext/p ...)
@@ -11531,7 +11531,7 @@ CVE-2015-5516 (Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM,
 CVE-2015-6240 (The chroot, jail, and zone connection plugins in ansible before 1.9.2  ...)
 	{DLA-1923-1}
 	- ansible 1.9.2+dfsg-1 (low)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/14/3
 CVE-2015-5515 (The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x- ...)
 	NOT-FOR-US: Drupal addon not packaged in Debian
 CVE-2015-5514 (Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x ...)
@@ -11658,7 +11658,7 @@ CVE-2015-5607 (Cross-site request forgery in the REST API in IPython 2 and 3. ..
 	NOTE: https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0 (2.x)
 	NOTE: https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816 (3.x)
 	NOTE: Affected versions: 0.12 <= version <= 3.2.0
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/12/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/12/4
 CVE-2015-5461 (Open redirect vulnerability in the Redirect function in stageshow_redi ...)
 	NOT-FOR-US: Redirect function in stageshow_redirect.php in the StageShow plugin for WordPress
 CVE-2015-5460 (Cross-site scripting (XSS) vulnerability in app/views/events/_menu.htm ...)
@@ -11848,13 +11848,13 @@ CVE-2015-8041 (Multiple integer overflows in the NDEF record parser in hostapd b
 	[squeeze] - wpasupplicant <not-affected> (0.7.0-v2.4 with with CONFIG_WPS_NFC=y)
 	- hostapd <removed>
 	[squeeze] - hostapd <not-affected> (v0.7.0-v2.4 with CONFIG_WPS_NFC=y)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/08/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/08/3
 	NOTE: http://w1.fi/security/2015-5/
 CVE-2015-5395 (Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. ...)
 	- sogo 3.2.4-0.2 (bug #796197)
 	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
 	NOTE: https://lists.debian.org/debian-lts/2016/05/msg00197.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/10
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/07/10
 	NOTE: http://www.sogo.nu/bugs/view.php?id=3246
 	NOTE: https://github.com/inverse-inc/sogo/commit/582baf2960969c73f98643e46cfb49432c30b711 (SOGo-3.1.0)
 CVE-2015-5470 (The label decompression functionality in PowerDNS Recursor before 3.6. ...)
@@ -11865,24 +11865,24 @@ CVE-2015-5470 (The label decompression functionality in PowerDNS Recursor before
 	- pdns-recursor 3.7.3-1
 	[wheezy] - pdns-recursor <not-affected> (3.5 and up affected)
 	[squeeze] - pdns-recursor <not-affected> (3.5 and up affected)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/07/6
 	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
 	NOTE: Patch: http://downloads.powerdns.com/patches/2015-01/rec-3.7.2.patch
 CVE-2015-5383 (Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain ...)
 	- roundcube <not-affected> (protection is done in apache config in binary package)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/06/10
 	NOTE: http://trac.roundcube.net/ticket/1490378
 CVE-2015-5382 (program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6  ...)
 	- roundcube 1.1.2+dfsg.1-1 (bug #791643)
 	[wheezy] - roundcube <not-affected> (Vulnerable code not present)
 	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/06/10
 	NOTE: http://trac.roundcube.net/ticket/1490379
 CVE-2015-5381 (Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...)
 	- roundcube 1.1.2+dfsg.1-1 (bug #791643)
 	[wheezy] - roundcube <not-affected> (Vulnerable code not present)
 	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/06/10
 	NOTE: http://trac.roundcube.net/ticket/1490417
 CVE-2015-5400 (Squid before 3.5.6 does not properly handle CONNECT method peer respon ...)
 	{DSA-3327-1 DLA-286-1}
@@ -11893,13 +11893,13 @@ CVE-2015-5400 (Squid before 3.5.6 does not properly handle CONNECT method peer r
 	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch (3.5)
 	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch (3.4)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2015_2.txt
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/8
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/06/8
 	NOTE: In squeeze's squid3 the code is structured differently but the bug still appears to be present.
 	NOTE: For squid 2.x all versions are affected, cf. comment by upstream in
 	NOTE: https://bugs.debian.org/793128#12
 CVE-2015-5380 (The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in  ...)
 	- nodejs <not-affected> (Only affects 0.12.x)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/05/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/05/1
 CVE-2015-5365 (Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows rem ...)
 	NOT-FOR-US: Zurmo CRM
 CVE-2015-5363 (The SRX Network Security Daemon (nsd) in Juniper SRX Series services g ...)
@@ -12105,7 +12105,7 @@ CVE-2015-5311 (PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allow
 	[wheezy] - pdns <not-affected> (Only 3.4.4 and later affected)
 	[squeeze] - pdns <not-affected> (Only 3.4.4 and later affected)
 	- pdns-recursor <not-affected> (recursor not affected)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/11/09/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/11/09/3
 CVE-2015-5310 (The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not prop ...)
 	{DSA-3397-1}
 	- wpa 2.3-2.3 (bug #804707)
@@ -12476,7 +12476,7 @@ CVE-2015-5221 (Use-after-free vulnerability in the mif_process_cmpt function in
 	- jasper <removed> (bug #796253)
 	[wheezy] - jasper <no-dsa> (Minor issue)
 	[squeeze] - jasper <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/20/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/20/4
 	NOTE: Fixed by https://github.com/mdadams/jasper/commit/df5d2867e8004e51e18b89865bc4aa69229227b3
 CVE-2015-5220 (The Web Console in Red Hat Enterprise Application Platform (EAP) befor ...)
 	NOT-FOR-US: JBoss EAP
@@ -12707,7 +12707,7 @@ CVE-2015-5162 (The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.
 	- nova 2:13.0.0-1 (low)
 	[jessie] - nova <no-dsa> (Minor issue)
 	[wheezy] - nova <no-dsa> (Minor issue)
-	NOTE: Patches: http://www.openwall.com/lists/oss-security/2016/10/06/8
+	NOTE: Patches: https://www.openwall.com/lists/oss-security/2016/10/06/8
 CVE-2015-5161 (The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework ...)
 	{DSA-3340-1 DLA-302-1}
 	- zendframework 1.12.14+dfsg-1
@@ -12940,12 +12940,12 @@ CVE-2015-5352 (The x11_open_helper function in channels.c in ssh in OpenSSH befo
 	{DLA-1500-1 DLA-288-1}
 	- openssh 1:6.9p1-1 (bug #790798)
 	[wheezy] - openssh <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/01/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/01/7
 	NOTE: https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d
 CVE-2015-5147 (Stack-based buffer overflow in the header_anchor function in the HTML  ...)
 	- ruby-redcarpet <not-affected> (Affects v3.3.0 - v3.3.1)
 	NOTE: https://github.com/vmg/redcarpet/commit/2cee777c1e5babe8a1e2683d31ea75cc4afe55fb
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/29/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/29/3
 CVE-2015-5081 (Cross-site request forgery (CSRF) vulnerability in django CMS before 3 ...)
 	- python-django-cms <itp> (bug #516183)
 CVE-2015-5073 (Heap-based buffer overflow in the find_fixedlength function in pcre_co ...)
@@ -12956,7 +12956,7 @@ CVE-2015-5073 (Heap-based buffer overflow in the find_fixedlength function in pc
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=1651
 	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1571 (8.38)
 	NOTE: Introduced in http://vcs.pcre.org/pcre?view=revision&revision=454 (8.00)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/26/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/26/1
 CVE-2015-5068 (XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allow ...)
 	NOT-FOR-US: SAP
 CVE-2015-5067 (The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetW ...)
@@ -13999,7 +13999,7 @@ CVE-2015-4707 (Cross-site scripting (XSS) vulnerability in IPython before 3.2 al
 	[wheezy] - ipython <not-affected> (Problematic code introduced in rel-2.0.0)
 	[squeeze] - ipython <not-affected> (Problematic code introduced in rel-2.0.0)
 	NOTE: https://github.com/ipython/ipython/commit/1fcc9943c000ab553ebc029db99ecbd0536960d6
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/22/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/22/4
 CVE-2015-4706 (Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 all ...)
 	- ipython <not-affected> (Only affects 3.x)
 CVE-2015-4704 (Directory traversal vulnerability in the Download Zip Attachments plug ...)
@@ -14118,21 +14118,21 @@ CVE-2015-4642 (The escapeshellarg function in ext/standard/exec.c in PHP before
 	- php5 <not-affected> (Windows specific)
 	NOTE: https://bugs.php.net/bug.php?id=69646
 	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/18/3
 CVE-2015-4643 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP b ...)
 	{DSA-3344-1 DLA-307-1}
 	- php5 5.6.11+dfsg-1
 	NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42
 	NOTE: https://bugs.php.net/bug.php?id=69545#1431550655
 	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/18/3
 CVE-2015-4644 (The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgs ...)
 	{DSA-3344-1 DLA-307-1}
 	- php5 5.6.11+dfsg-1
 	NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42
 	NOTE: https://bugs.php.net/bug.php?id=69667
 	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/18/3
 CVE-2015-4639 (Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl  ...)
 	NOT-FOR-US: Koha
 CVE-2015-4638 (The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM,  ...)
@@ -14497,7 +14497,7 @@ CVE-2015-4491 (Integer overflow in the make_filter_table function in pixops/pixo
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=752297
 	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
 	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=8dba67cb4f38d62a47757741ad41e3f245b4a32a
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/17/17
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/17/17
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-88/
 	NOTE: gtk+2.0 2.21.5-1 removed the embedded copy of gdk-pixbuf and build-depends on external gdk-pixbuf
 CVE-2015-4490 (The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in M ...)
@@ -14653,7 +14653,7 @@ CVE-2015-4556 (The string-translate* procedure in the data-structures unit in CH
 	[jessie] - chicken <no-dsa> (Minor issue)
 	[wheezy] - chicken <no-dsa> (Minor issue)
 	[squeeze] - chicken <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/15/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/15/1
 CVE-2015-2967 (Cross-site scripting (XSS) vulnerability in settings.php in Cacti befo ...)
 	{DSA-3295-1 DLA-255-1}
 	- cacti 0.8.8d+ds1-1
@@ -15225,7 +15225,7 @@ CVE-2015-4692 (The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the L
 	[jessie] - linux 3.16.7-ckt11-1+deb8u3
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	- linux-2.6 <not-affected> (vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/10/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/10/6
 	NOTE: Vulnerable function introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=66450a21f99636af4fafac2afd33f1a40631bc3a (v3.10-rc1)
 CVE-2015-4625 (Integer overflow in the authentication_agent_new_cookie function in Po ...)
 	[experimental] - policykit-1 0.113-1
@@ -15237,7 +15237,7 @@ CVE-2015-4625 (Integer overflow in the authentication_agent_new_cookie function
 	NOTE: http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=90837
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=90832
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/08/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/08/3
 	NOTE: http://cgit.freedesktop.org/polkit/commit/?id=ea544ffc18405237ccd95d28d7f45afef49aca17
 	NOTE: http://cgit.freedesktop.org/polkit/commit/?id=493aa5dc1d278ab9097110c1262f5229bbaf1766
 	NOTE: http://cgit.freedesktop.org/polkit/commit/?id=fb5076b7c05d01a532d593a4079a29cf2d63a228
@@ -15254,7 +15254,7 @@ CVE-2015-4410 (The Moped::BSON::ObjecId.legal? method in rubygem-moped before co
 	NOTE: Fix: https://github.com/mongodb/mongo-ruby-driver/commit/bb544c2f6fd62940f04ddc1abeeaa3f23c1a9ade (1.x-stable)
 	NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
 	NOTE: https://sources.debian.org/src/ruby-bson/1.10.0-1/lib/bson/types/object_id.rb/#L54
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/06/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/06/1
 CVE-2015-4338 (Static code injection vulnerability in the XCloner plugin 3.1.2 for Wo ...)
 	NOT-FOR-US: WordPress plugin xclonerbackupandrestore
 CVE-2015-4337 (Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 f ...)
@@ -15268,23 +15268,23 @@ CVE-2015-4335 (Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers
 	[squeeze] - redis <not-affected> (Lua support introduced in version 2.6.0)
 	NOTE: http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
 	NOTE: Patch: https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/05/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/05/3
 CVE-2015-XXXX [Null pointer access in inflatehd tool]
 	- nghttp2 <unfixed> (unimportant)
 	NOTE: Upstream report: https://github.com/tatsuhiro-t/nghttp2/issues/235
 	NOTE: Git commit: https://github.com/tatsuhiro-t/nghttp2/commit/3572e7c6343cb85fc21f5667a7ed0902cf5305cf
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/03/20
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/06/03/20
 	NOTE: inflatehd not installed into the Debian binary packages
 CVE-2015-5523 (The ParseValue function in lexer.c in tidy before 4.9.31 allows remote ...)
 	{DSA-3309-1 DLA-273-1}
 	- tidy 20091223cvs-1.5 (bug #792571)
 	NOTE: https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/04/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/04/2
 CVE-2015-5522 (Heap-based buffer overflow in the ParseValue function in lexer.c in ti ...)
 	{DSA-3309-1 DLA-273-1}
 	- tidy 20091223cvs-1.5 (bug #792571)
 	NOTE: https://github.com/htacg/tidy-html5/issues/217
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/04/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/04/2
 CVE-2015-6593
 	REJECTED
 CVE-2015-4179 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Code ...)
@@ -15369,7 +15369,7 @@ CVE-2015-5366 (The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0 (v4.1-rc7)
 	NOTE: http://web.archive.org/web/20160309082241/https://twitter.com/grsecurity/status/605854034260426753
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/30/13
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/30/13
 CVE-2015-5364 (The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kerne ...)
 	{DSA-3313-1 DLA-310-1}
 	- linux 4.0.7-1
@@ -15377,17 +15377,17 @@ CVE-2015-5364 (The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0 (v4.1-rc7)
 	NOTE: http://web.archive.org/web/20160309082241/https://twitter.com/grsecurity/status/605854034260426753
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/30/13
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/30/13
 CVE-2015-XXXX [uudecode: stack out of bounds read access]
 	- sharutils <unfixed> (unimportant)
 	NOTE: Negligible security impact
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/02/8
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/06/02/8
 CVE-2015-4167 (The udf_read_inode function in fs/udf/inode.c in the Linux kernel befo ...)
 	{DSA-3313-1 DSA-3290-1 DLA-246-1}
 	- linux 4.0.2-1
 	- linux-2.6 <removed>
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0 (v4.0-rc1)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/02/6
 CVE-2015-4140 (Cross-site request forgery (CSRF) vulnerability in the WP Smiley plugi ...)
 	NOT-FOR-US: WordPress plugin wp-smiley
 CVE-2015-4139 (Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP S ...)
@@ -15421,7 +15421,7 @@ CVE-2015-4178 (The fs_pin implementation in the Linux kernel before 4.0.5 does n
 	- linux-2.6 <not-affected> (Introduced and fixed in 4.1-rc1 upstream)
 	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1 (v4.1-rc1)
 	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953 (v4.1-rc1)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/29/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/29/5
 CVE-2015-4177 (The collect_mounts function in fs/namespace.c in the Linux kernel befo ...)
 	- linux <not-affected> (Commit was applied to 4.0.2 as well but fixed in Debian by two subsequent commits)
 	NOTE: Debian both applies "mnt: Fail collect_mounts when applied to unmounted mounts"
@@ -15430,7 +15430,7 @@ CVE-2015-4177 (The collect_mounts function in fs/namespace.c in the Linux kernel
 	- linux-2.6 <not-affected> (Introduced and fixed in 4.1-rc1 upstream)
 	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1 (v4.1-rc1)
 	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae (v4.1-rc1)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/29/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/29/5
 CVE-2015-4126
 	RESERVED
 CVE-2015-4125
@@ -15605,20 +15605,20 @@ CVE-2015-XXXX [hwclock(8) SUID privilege escalation]
 	- util-linux 2.27-1 (unimportant; bug #786804)
 	NOTE: hwclock is not installed suid in Debian
 	NOTE: https://github.com/karelzak/util-linux/commit/687cc5d58942b24a9f4013c68876d8cbea907ab1
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/26/10
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/05/26/10
 CVE-2015-4082 (attic before 0.15 does not confirm unencrypted backups with the user,  ...)
 	- attic 0.16-1 (bug #787435)
 	[jessie] - attic <no-dsa> (Minor issue)
 	NOTE: https://github.com/jborg/attic/issues/271
 	NOTE: https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/25/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/25/3
 CVE-2015-4170 (Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem. ...)
 	- linux 3.13.4-1
 	[wheezy] - linux <not-affected> (commit 4898e640caf03fdbaf2122d5a33949bf3e4a5b34 not backported)
 	- linux-2.6 <not-affected> (commit 4898e640caf03fdbaf2122d5a33949bf3e4a5b34 not backported)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf872776fc84128bb779ce2b83a37c884c3203ae (v3.13-rc5)
 	NOTE: Affected code was introduced by the rewrite in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4898e640caf03fdbaf2122d5a33949bf3e4a5b34 (v3.11-rc1)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/26/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/26/1
 CVE-2015-4065 (Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound- ...)
 	NOT-FOR-US: WordPress plugin landing-pages
 CVE-2015-4064 (SQL injection vulnerability in modules/module.ab-testing.php in the La ...)
@@ -15655,7 +15655,7 @@ CVE-2015-4054 (PgBouncer before 1.5.5 allows remote attackers to cause a denial
 	NOTE: https://github.com/pgbouncer/pgbouncer/commit/edab5be6665b9e8de66c25ba527509b229468573 (master)
 	NOTE: https://github.com/pgbouncer/pgbouncer/commit/74d6e5f7de5ec736f71204b7b422af7380c19ac5 (stable-1.5)
 	NOTE: https://github.com/pgbouncer/pgbouncer/issues/42
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/21/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/21/2
 CVE-2015-8147
 	REJECTED
 CVE-2015-8146
@@ -15701,7 +15701,7 @@ CVE-2015-4027 (The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scan
 CVE-2015-4047 (racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause  ...)
 	{DSA-3272-1 DLA-234-1}
 	- ipsec-tools 1:0.8.2+20140711-3 (bug #785778)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/20/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/20/1
 CVE-2015-4023
 	RESERVED
 CVE-2015-4020 (RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4 ...)
@@ -15746,7 +15746,7 @@ CVE-2015-4041 (The keycompare_mb function in sort.c in sort in GNU Coreutils thr
 	NOTE: http://pkgs.fedoraproject.org/cgit/coreutils.git/plain/coreutils-i18n.patch
 CVE-2015-4035 (scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not  ...)
 	- xz-utils <not-affected> (Affects 4.999.9beta)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/18/7
 CVE-2015-4010 (Cross-site request forgery (CSRF) vulnerability in the Encrypted Conta ...)
 	NOT-FOR-US: Encrypted Contact Form plugin for WordPress
 CVE-2015-4009
@@ -15855,7 +15855,7 @@ CVE-2015-4024 (Algorithmic complexity vulnerability in the multipart_buffer_head
 	- php5 5.6.9+dfsg-1
 	[squeeze] - php5 <no-dsa> (Too intrusive to backport)
 	NOTE: https://bugs.php.net/bug.php?id=69364
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/18/2
 	NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
 	- hhvm 3.11.0+dfsg-1
 	NOTE: HHVM fix: https://github.com/facebook/hhvm/commit/6188457bd90ed2f3516e778dca8e91536d91802e
@@ -15863,14 +15863,14 @@ CVE-2015-4022 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in
 	{DSA-3280-1 DLA-307-1}
 	- php5 5.6.9+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=69545
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/18/2
 	NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
 CVE-2015-4021 (The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41 ...)
 	{DSA-3280-1 DLA-307-1}
 	- php5 5.6.9+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=69453
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c27f012b7a447e59d4a704688971cbfa7dddaa74
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/17/2 and http://www.openwall.com/lists/oss-security/2015/05/18/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/17/2 and https://www.openwall.com/lists/oss-security/2015/05/18/2
 	NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
 CVE-2015-3987 (Multiple unquoted Windows search path vulnerabilities in the (1) Clien ...)
 	NOT-FOR-US: McAfee
@@ -16043,7 +16043,7 @@ CVE-2015-3909
 CVE-2015-3908 (Ansible before 1.9.2 does not verify that the server hostname matches  ...)
 	{DLA-1923-1}
 	- ansible 1.9.2+dfsg-1 (low)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/14/4
 	NOTE: Fixed in commit https://github.com/ansible/ansible/commit/be7c59c7bbe2c7cfaad0151c42693ebd0ea4243f
 CVE-2015-3907 (CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE  ...)
 	NOT-FOR-US: CodeIgniter Rest Server
@@ -16251,12 +16251,12 @@ CVE-2015-4036 (Array index error in the tcm_vhost_make_tpg function in drivers/v
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c816c1f24df0204e01851431d3bab3eb76719c (v4.0-rc1)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/13/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/13/4
 CVE-2015-3988 (Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashb ...)
 	- horizon 2015.1.0-2 (bug #786741)
 	[jessie] - horizon <not-affected> (Vulnerable code not present)
 	[wheezy] - horizon <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/9
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/12/9
 CVE-2015-3886 (libinfinity before 0.6.6-1 does not validate expired SSL certificates, ...)
 	- libinfinity 0.6.6-1 (bug #783601)
 	[jessie] - libinfinity 0.6.6-1~deb8u1
@@ -16264,7 +16264,7 @@ CVE-2015-3886 (libinfinity before 0.6.6-1 does not validate expired SSL certific
 	[squeeze] - libinfinity <not-affected> (vulnerable code not present)
 	NOTE: https://github.com/gobby/libinfinity/commit/c97f870f5ae13112988d9f8ad464b4f679903706
 	NOTE: https://github.com/gobby/gobby/issues/61
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/12/1
 CVE-2015-3815 (The detect_version function in wiretap/logcat.c in the Android Logcat  ...)
 	{DSA-3277-1}
 	- wireshark 1.12.5+g5819e5b-1
@@ -16695,20 +16695,20 @@ CVE-2015-3880 (Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x befo
 	[squeeze] - phpbb3 <no-dsa> (Minor issue)
 	NOTE: https://wiki.phpbb.com/Release_Highlights/3.0.14
 	NOTE: Patch: https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/12/2
 CVE-2015-XXXX [pdf2djvu: insecure use of /tmp when executing c44]
 	- pdf2djvu 0.7.21-1 (bug #784889)
 	[jessie] - pdf2djvu 0.7.17-4+deb8u1
 	[wheezy] - pdf2djvu 0.7.12-2+deb7u1
 	[squeeze] - pdf2djvu <no-dsa> (Minor issue)
 	NOTE: https://bitbucket.org/jwilk/pdf2djvu/issue/103
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/05/09/7
 CVE-2015-XXXX [didjvu: insecure use of /tmp when executing c44]
 	- didjvu 0.4-1 (bug #784888)
 	[jessie] - didjvu 0.2.8-1+deb8u1
 	[wheezy] - didjvu 0.2.3-2+deb7u1
 	NOTE: https://bitbucket.org/jwilk/didjvu/issue/8
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/05/09/7
 CVE-2015-4146 (The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 thro ...)
 	{DSA-3397-1}
 	- wpa 2.3-2.2 (bug #787371)
@@ -16719,7 +16719,7 @@ CVE-2015-4146 (The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0
 	NOTE: http://w1.fi/security/2015-4/
 	NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
 	NOTE: http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/5
 CVE-2015-4145 (The EAP-pwd server and peer implementation in hostapd and wpa_supplica ...)
 	{DSA-3397-1}
 	- wpa 2.3-2.2 (bug #787371)
@@ -16731,7 +16731,7 @@ CVE-2015-4145 (The EAP-pwd server and peer implementation in hostapd and wpa_sup
 	NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
 	NOTE: http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
 	NOTE: http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/5
 CVE-2015-4144 (The EAP-pwd server and peer implementation in hostapd and wpa_supplica ...)
 	{DSA-3397-1}
 	- wpa 2.3-2.2 (bug #787371)
@@ -16743,7 +16743,7 @@ CVE-2015-4144 (The EAP-pwd server and peer implementation in hostapd and wpa_sup
 	NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
 	NOTE: http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
 	NOTE: http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/5
 CVE-2015-4143 (The EAP-pwd server and peer implementation in hostapd and wpa_supplica ...)
 	{DSA-3397-1}
 	- wpa 2.3-2.2 (bug #787371)
@@ -16753,7 +16753,7 @@ CVE-2015-4143 (The EAP-pwd server and peer implementation in hostapd and wpa_sup
 	NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
 	NOTE: http://w1.fi/security/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
 	NOTE: http://w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/5
 CVE-2015-4142 (Integer underflow in the WMM Action frame parser in hostapd 0.5.5 thro ...)
 	{DSA-3397-1 DLA-260-1}
 	- wpa 2.3-2.2 (bug #787373)
@@ -16762,7 +16762,7 @@ CVE-2015-4142 (Integer underflow in the WMM Action frame parser in hostapd 0.5.5
 	- hostapd <removed>
 	NOTE: http://w1.fi/security/2015-3/
 	NOTE: http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/09/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/09/5
 CVE-2015-4141 (The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplican ...)
 	{DSA-3397-1}
 	- wpa 2.3-2.2 (bug #787372)
@@ -16772,7 +16772,7 @@ CVE-2015-4141 (The WPS UPnP function in hostapd, when using WPS AP, and wpa_supp
 	[squeeze] - hostapd <not-affected> (Affects 0.7.0-v2.4 with CONFIG_WPS_UPNP=y in the build configuration and upnp_iface parameter on runtime)
 	NOTE: http://w1.fi/security/2015-2/
 	NOTE: http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/09/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/09/4
 CVE-2015-XXXX [incorrect parsing of from header when assigning pgp keys]
 	- semi 1.14.7~0.20120428-17 (bug #784712)
 	[jessie] - semi 1.14.7~0.20120428-14+deb8u1
@@ -16832,18 +16832,18 @@ CVE-2015-3632 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allo
 	NOT-FOR-US: Foxit Reader, Enterprise Reader, PhantomPDF
 CVE-2015-3631 (Docker Engine before 1.6.1 allows local users to set arbitrary Linux S ...)
 	- docker.io 1.6.1+dfsg1-1 (bug #784726)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/10
 CVE-2015-3630 (Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, ...)
 	- docker.io 1.6.1+dfsg1-1 (bug #784726)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/10
 CVE-2015-3629 (Libcontainer 1.6.0, as used in Docker Engine, allows local users to es ...)
 	- docker.io 1.6.1+dfsg1-1 (bug #784726)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/10
 CVE-2015-3628 (The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Cont ...)
 	NOT-FOR-US: F5
 CVE-2015-3627 (Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor  ...)
 	- docker.io 1.6.1+dfsg1-1 (bug #784726)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/10
 CVE-2015-3626 (Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in t ...)
 	NOT-FOR-US: Fortinet FortiOS
 CVE-2015-3625 (The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before 346.7 ...)
@@ -17183,7 +17183,7 @@ CVE-2015-3905 (Buffer overflow in the set_cs_start function in t1disasm.c in t1u
 	- t1utils 1.38-4 (bug #779274)
 	[wheezy] - t1utils <no-dsa> (Minor issue)
 	NOTE: https://github.com/kohler/t1utils/issues/4
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/13/9
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/13/9
 CVE-2015-XXXX [crashes on crafted upack packed file]
 	- clamav 0.98.7+dfsg-1
 	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
@@ -17191,14 +17191,14 @@ CVE-2015-XXXX [crashes on crafted upack packed file]
 	[squeeze] - clamav 0.98.7+dfsg-0+deb6u1
 	NOTE: https://github.com/vrtadmin/clamav-devel/commit/a18af359decd270f5088e80e2ee2866c62e0843e
 	NOTE: https://github.com/vrtadmin/clamav-devel/commit/ed56f56c1f1529bda877ddd116ae7bc064667c73
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/03/3
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/05/03/3
 CVE-2015-XXXX [crash during algorithmic detection on crafted PE file]
 	- clamav 0.98.7+dfsg-1
 	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
 	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
 	[squeeze] - clamav 0.98.7+dfsg-0+deb6u1
 	NOTE: https://github.com/vrtadmin/clamav-devel/commit/a7bdfb4f0d3210eeab49280726ff3ea6d703280e
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/03/4
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/05/03/4
 CVE-2015-XXXX [BUG/MAJOR: http: don't read past buffer's end in http_replace_value]
 	- haproxy 1.5.12-1
 	[jessie] - haproxy <no-dsa> (Minor issue)
@@ -17213,7 +17213,7 @@ CVE-2015-XXXX [BUG/MAJOR: http: prevent risk of reading past end with balance ur
 	NOTE: For squeeze, the above commit message implies that the fix does not need to be backported to version 1.4 and indeed, the code already contains a (different) check that limits the value of "len".
 CVE-2015-4017 (Salt before 2014.7.6 does not verify certificates when connecting via  ...)
 	- salt <not-affected> (Vulnerable code not present in the version in Debian stable/unstable)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/02/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/02/1
 CVE-2015-3646 (OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014 ...)
 	- keystone 2015.1.0-1
 	[jessie] - keystone <no-dsa> (Minor issue)
@@ -17357,7 +17357,7 @@ CVE-2015-3420 (The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when S
 	[jessie] - dovecot 1:2.2.13-12~deb8u1
 	[wheezy] - dovecot <not-affected> (Problematic patch introducing the issue not applied)
 	[squeeze] - dovecot <not-affected> (Vulnerable code not present & not reproducible)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/26/3
 	NOTE: Patch: http://web.archive.org/web/20150907231530/http://hg.dovecot.org/dovecot-2.2/rev/86f535375750
 	NOTE: Segfault reproducible if using openssl/1.0.2a-1 from sid.
 	NOTE: http://dovecot.org/pipermail/dovecot/2015-April/100579.html
@@ -17370,7 +17370,7 @@ CVE-2015-3440 (Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php
 	- wordpress 4.2.1+dfsg-1 (bug #783554)
 	NOTE: http://klikki.fi/adv/wordpress2.html
 	NOTE: https://wordpress.org/news/2015/04/wordpress-4-2-1/
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/27/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/27/4
 	NOTE: https://core.trac.wordpress.org/changeset/32299
 CVE-2015-XXXX [Some plugins were vulnerable to an SQL injection vulnerability]
 	- wordpress 4.2+dfsg-1 (bug #783347)
@@ -17378,17 +17378,17 @@ CVE-2015-XXXX [Some plugins were vulnerable to an SQL injection vulnerability]
 	[wheezy] - wordpress 3.6.1+dfsg-1~deb7u6
 	[squeeze] - wordpress 3.6.1+dfsg-1~deb6u6
 	NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/2
-	NOTE: To be decided: http://www.openwall.com/lists/oss-security/2015/04/28/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/26/2
+	NOTE: To be decided: https://www.openwall.com/lists/oss-security/2015/04/28/7
 CVE-2015-XXXX [files with invalid or unsafe names could be uploaded]
 	- wordpress 4.2+dfsg-1 (bug #783347)
 	[jessie] - wordpress 4.1+dfsg-1+deb8u1
 	[wheezy] - wordpress <not-affected> (File upload vulnerability only in WordPress 4.1 and higher)
 	[squeeze] - wordpress <not-affected> (File upload vulnerability only in WordPress 4.1 and higher)
 	NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/2
-	NOTE: To be decided: http://www.openwall.com/lists/oss-security/2015/04/28/7
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/10/11
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/26/2
+	NOTE: To be decided: https://www.openwall.com/lists/oss-security/2015/04/28/7
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/06/10/11
 CVE-2015-3439 (Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiec ...)
 	{DSA-3250-1 DLA-236-1}
 	- wordpress 4.2+dfsg-1 (bug #783347)
@@ -17402,7 +17402,7 @@ CVE-2015-3438 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress
 CVE-2015-3451 (The _clone function in XML::LibXML before 2.0119 does not properly set ...)
 	{DSA-3243-1 DLA-214-1}
 	- libxml-libxml-perl 2.0116+dfsg-2 (bug #783443)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/25/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/25/2
 	NOTE: https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30
 	NOTE: https://bitbucket.org/shlomif/perl-xml-libxml/commits/915f1dbaf21c5f3c21d7c519c70fd93859e47152
 CVE-2015-3418 (The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserv ...)
@@ -17609,7 +17609,7 @@ CVE-2015-3339 (Race condition in the prepare_binprm function in fs/exec.c in the
 	- linux 3.16.7-ckt9-3
 	- linux-2.6 <removed>
 	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/20/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/20/1
 CVE-2015-7942 (The xmlParseConditionalSections function in parser.c in libxml2 does n ...)
 	{DSA-3430-1 DLA-334-1}
 	- libxml2 2.9.3+dfsg1-1 (bug #802827)
@@ -17621,15 +17621,15 @@ CVE-2015-7941 (libxml2 2.9.2 does not properly stop parsing invalid input, which
 	{DSA-3430-1 DLA-266-1}
 	- libxml2 2.9.2+really2.9.1+dfsg1-0.1 (bug #783010)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=744980
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/19/5
-	NOTE: http://www.openwall.com/lists/oss-security/2015/10/22/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/19/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/10/22/5
 	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (v2.9.3)
 	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489 (v2.9.3)
 CVE-2015-8710 (The htmlParseComment function in HTMLparser.c in libxml2 allows attack ...)
 	{DSA-3430-1 DLA-266-1}
 	- libxml2 2.9.2+really2.9.1+dfsg1-0.1 (bug #782985)
 	NOTE: Added workaround item to reflect entry fixed status, remove once CVE assigned
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/19/4
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/04/19/4
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=746048
 	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c
 CVE-2015-3328
@@ -17656,8 +17656,8 @@ CVE-2015-3330 (The php_handler function in sapi/apache2handler/sapi_apache2.c in
 	NOTE: https://bugs.php.net/bug.php?id=69218
 	NOTE: https://bugs.php.net/bug.php?id=68486
 	NOTE: Fixed by: https://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/17/3
-	NOTE: For details on scope of the CVE assignment: http://www.openwall.com/lists/oss-security/2015/04/17/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/17/3
+	NOTE: For details on scope of the CVE assignment: https://www.openwall.com/lists/oss-security/2015/04/17/7
 CVE-2015-3319 (Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly ...)
 	NOT-FOR-US: Hotspot Express hotEx Billing Manager
 CVE-2015-3318 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, ...)
@@ -17684,7 +17684,7 @@ CVE-2015-3329 (Multiple stack-based buffer overflows in the phar_set_inode funct
 	- php5 5.6.9+dfsg-1
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c
 	NOTE: https://bugs.php.net/bug.php?id=69441
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/16/22
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/16/22
 	NOTE: Fixed in 5.6.8 and 5.4.40
 CVE-2015-3315 (Automatic Bug Reporting Tool (ABRT) allows local users to read, change ...)
 	NOT-FOR-US: abrt is Red Hat / Fedora specific
@@ -17884,7 +17884,7 @@ CVE-2015-3251 (Apache CloudStack before 4.5.2 might allow remote authenticated a
 	NOT-FOR-US: Apache CloudStack
 CVE-2015-3250 (Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct ...)
 	- apache-directory-api 1.0.0~M20-3 (bug #791957)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/07/5
 CVE-2015-3249 (The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before  ...)
 	- trafficserver 5.3.1-1
 	[wheezy] - trafficserver <not-affected> (HTTP2 support does not exist)
@@ -18657,7 +18657,7 @@ CVE-2015-3306 (The mod_copy module in ProFTPD 1.3.5 allows remote attackers to r
 	{DSA-3263-1}
 	- proftpd-dfsg 1.3.5-2 (bug #782781)
 	[squeeze] - proftpd-dfsg <not-affected> (mod_copy not available in version 1.3.3)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/15/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/15/2
 	NOTE: https://github.com/proftpd/proftpd/pull/109
 	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4169
 	NOTE: https://cxsecurity.com/issue/WLB-2015040075
@@ -18666,7 +18666,7 @@ CVE-2015-3331 (The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-in
 	- linux 3.16.7-ckt9-3 (bug #782561)
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced in v2.6.38-rc1)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/14/16
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/14/16
 	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccfe8c3f7e52ae83155cb038753f4c75b774ca8a (v4.0-rc5)
 	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0bd82f5f6355775fbaf7d3c664432ce1b862be1e (v2.6.38-rc1)
 CVE-2015-3332 (A certain backport in the TCP Fast Open implementation for the Linux k ...)
@@ -18674,34 +18674,34 @@ CVE-2015-3332 (A certain backport in the TCP Fast Open implementation for the Li
 	[jessie] - linux 3.16.7-ckt9-3~deb8u1
 	[wheezy] - linux <not-affected> (TCP Fast Open introduced in v3.6-rc1)
 	- linux-2.6 <not-affected> (TCP Fast Open introduced in v3.6-rc1)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/14/14
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/14/14
 	NOTE: http://thread.gmane.org/gmane.linux.network/359588
 CVE-2015-3310 (Buffer overflow in the rc_mksid function in plugins/radius/util.c in P ...)
 	{DSA-3228-1 DLA-205-1}
 	- ppp 2.4.6-3.1 (bug #782450)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/13/4
 	NOTE: Patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;filename=ppp_2.4.6-3.1-nmu.diff;att=1;bug=782450
 CVE-2015-5621 (The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlie ...)
 	{DSA-4154-1 DLA-1317-1}
 	- net-snmp 5.7.3+dfsg-1.1 (bug #788964)
 	[squeeze] - net-snmp <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/13/1
 	NOTE: Upstream patch: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
 	NOTE: https://sourceforge.net/p/net-snmp/bugs/2615/ (currently not public)
 CVE-2015-4085 (Directory traversal vulnerability in node/hooks/express/tests.js in Et ...)
 	- etherpad-lite <itp> (bug #576998)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/11/10
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/11/10
 CVE-2015-3297 (Directory traversal vulnerability in node/utils/Minify.js in Etherpad  ...)
 	- etherpad-lite <itp> (bug #576998)
 CVE-2015-3010 (ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.cl ...)
 	- ceph-deploy <not-affected> (Fixed with initial upload to Debian)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/09/9
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/09/9
 CVE-2015-3405 (ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 d ...)
 	{DSA-3223-1 DLA-192-1}
 	- ntp 1:4.2.6.p5+dfsg-7
 	NOTE: https://bugs.ntp.org/show_bug.cgi?id=2797
 	NOTE: Patch: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/09/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/09/5
 CVE-2015-3008 (Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x be ...)
 	{DSA-3700-1 DLA-455-1}
 	- asterisk 1:13.7.2~dfsg-1 (bug #782411)
@@ -18843,7 +18843,7 @@ CVE-2015-3026 (Icecast before 2.4.2, when a stream_auth handler is defined for U
 	[wheezy] - icecast2 <not-affected> (stream_auth introduced in 2.3.3)
 	[squeeze] - icecast2 <not-affected> (stream_auth introduced in 2.3.3)
 	NOTE: https://trac.xiph.org/ticket/2191
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/08/8
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/08/8
 CVE-2015-3030 (The web interface in McAfee Advanced Threat Defense (MATD) before 3.4. ...)
 	NOT-FOR-US: McAfee Advanced Threat Defense
 CVE-2015-3029 (The web interface in McAfee Advanced Threat Defense (MATD) before 3.4. ...)
@@ -18858,25 +18858,25 @@ CVE-2015-3406 (The PGP signature parsing in Module::Signature before 0.74 allows
 	{DSA-3261-1 DLA-264-1}
 	- libmodule-signature-perl 0.78-1 (bug #783451)
 	NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/07/1
 	NOTE: Changes might needed in libtest-signature-perl, need further investigation
 CVE-2015-3407 (Module::Signature before 0.74 allows remote attackers to bypass signat ...)
 	{DSA-3261-1 DLA-264-1}
 	- libmodule-signature-perl 0.78-1 (bug #783451)
 	NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/07/1
 	NOTE: libtest-signature-perl needed to be updated
 CVE-2015-3408 (Module::Signature before 0.74 allows remote attackers to execute arbit ...)
 	{DSA-3261-1 DLA-264-1}
 	- libmodule-signature-perl 0.78-1 (bug #783451)
 	NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/07/1
 	NOTE: Changes might needed in libtest-signature-perl, need further investigation
 CVE-2015-3409 (Untrusted search path vulnerability in Module::Signature before 0.75 a ...)
 	{DSA-3261-1 DLA-264-1}
 	- libmodule-signature-perl 0.78-1 (bug #783451)
 	NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/c41e8885b862b9fce2719449bc9336f0bea658ef
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/07/1
 	NOTE: Changes might needed in libtest-signature-perl, need further investigation
 CVE-2015-2921
 	RESERVED
@@ -19054,12 +19054,12 @@ CVE-2015-2929 (The Hidden Service (HS) client implementation in Tor before 0.2.4
 	{DSA-3216-1 DLA-187-1}
 	- tor 0.2.5.12-1
 	NOTE: https://trac.torproject.org/projects/tor/ticket/15601
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/06/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/06/5
 CVE-2015-2928 (The Hidden Service (HS) server implementation in Tor before 0.2.4.27,  ...)
 	{DSA-3216-1 DLA-187-1}
 	- tor 0.2.5.12-1
 	NOTE: https://trac.torproject.org/projects/tor/ticket/15600
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/06/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/06/5
 CVE-2015-2837
 	RESERVED
 CVE-2015-2836
@@ -19077,12 +19077,12 @@ CVE-2015-2927 (node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to
 	[jessie] - node <no-dsa> (Minor issue)
 	[squeeze] - node <no-dsa> (Minor issue)
 	[wheezy] - node <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/03/10
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/03/10
 CVE-2015-XXXX [caja automounts USB flash drives and CD/DVD drives while session is locked]
 	- caja 1.8.2-4 (bug #781608)
 	[jessie] - caja 1.8.2-3+deb8u1
 	NOTE: https://github.com/mate-desktop/caja/issues/398
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/03/12
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/04/03/12
 CVE-2015-3013 (ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5  ...)
 	{DSA-3244-1}
 	[experimental] - owncloud 7.0.5+dfsg-1
@@ -19179,12 +19179,12 @@ CVE-2015-2830 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does
 	- linux 3.16.7-ckt9-1
 	- linux-2.6 <removed>
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=956421fbb74c3a6261903f3836c0740187cf038b (v4.0-rc3)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/02/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/02/1
 CVE-2015-XXXX [Signature Bypass in several JSON Web Token Libraries]
 	- pyjwt 1.3.0-1 (bug #781640)
 	[jessie] - pyjwt 0.2.1-1+deb8u1
 	NOTE: Added workaround item to reflect entry fixed status, remove once CVE assigned
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/01/4
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/04/01/4
 	NOTE: https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
 	NOTE: ruby-jwt not directly affected, see https://github.com/jwt/ruby-jwt/issues/76
 CVE-2015-2810 (Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Off ...)
@@ -19207,7 +19207,7 @@ CVE-2015-2831 (Buffer overflow in das_watchdog 0.9.0 allows local users to execu
 	{DSA-3221-1 DLA-194-1}
 	- das-watchdog 0.9.0-3.1 (bug #781806)
 	NOTE: Upstream commit: https://github.com/kmatheussen/das_watchdog/commit/bd20bb02e75e2c
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/8
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/8
 CVE-2015-2805 (Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa ...)
 	NOT-FOR-US: Alcatel-Lucent OmniSwitch
 CVE-2015-2804 (The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250,  ...)
@@ -19248,71 +19248,71 @@ CVE-2015-2931 (Incomplete blacklist vulnerability in includes/upload/UploadBase.
 	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2932 (Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x b ...)
 	- mediawiki 1:1.19.20+dfsg-2.3
 	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2933 (Cross-site scripting (XSS) vulnerability in the Html class in MediaWik ...)
 	- mediawiki 1:1.19.20+dfsg-2.3
 	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2934 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...)
 	- mediawiki 1:1.19.20+dfsg-2.3
 	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2935 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...)
 	- mediawiki 1:1.19.20+dfsg-2.3
 	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2936 (MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing ...)
 	- mediawiki 1:1.19.20+dfsg-2.3
 	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2937 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...)
 	- mediawiki 1:1.19.20+dfsg-2.3
 	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2938 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24,  ...)
 	- mediawiki 1:1.19.20+dfsg-2.3
 	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2939 (Cross-site scripting (XSS) vulnerability in the Scribunto extension fo ...)
 	- mediawiki 1:1.19.20+dfsg-2.3
 	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2940 (Cross-site request forgery (CSRF) vulnerability in the CheckUser exten ...)
 	- mediawiki 1:1.19.20+dfsg-2.3
 	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2941 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24,  ...)
 	- mediawiki 1:1.19.20+dfsg-2.3 (unimportant)
 	NOTE: HHVM not packaged in Debian
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2942 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...)
 	- mediawiki 1:1.19.20+dfsg-2.3 (unimportant)
 	NOTE: HHVM not packaged in Debian
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2786 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 h ...)
 	NOT-FOR-US: MyBB
 CVE-2015-2784 (The papercrop gem before 0.3.0 for Ruby on Rails does not properly han ...)
@@ -19376,14 +19376,14 @@ CVE-2015-2793 (Cross-site scripting (XSS) vulnerability in templates/openid-sele
 	- ikiwiki 3.20141016.2 (bug #781483)
 	[wheezy] - ikiwiki 3.20120629.2
 	[squeeze] - ikiwiki <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/30/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/30/5
 CVE-2015-2806 (Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4. ...)
 	{DSA-3220-1 DLA-195-1}
 	[experimental] - libtasn1-6 4.4-1
 	- libtasn1-6 4.2-3
 	- libtasn1-3 <removed>
 	NOTE: https://gitlab.com/gnutls/libtasn1/commit/4d4f992826a4962790ecd0cce6fbba4a415ce149
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/29/4
 	NOTE: Only in the asn1 definition parser, not in the asn1 parser itself
 	NOTE: https://lists.gnu.org/archive/html/help-libtasn1/2015-01/msg00000.html
 CVE-2015-2787 (Use-after-free vulnerability in the process_nested_data function in ex ...)
@@ -19393,7 +19393,7 @@ CVE-2015-2787 (Use-after-free vulnerability in the process_nested_data function
 CVE-2015-2782 (Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote atta ...)
 	{DSA-3213-1 DLA-188-1}
 	- arj 3.10.22-13 (bug #774015)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/28/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/28/5
 CVE-2015-2756 (QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict a ...)
 	{DSA-3259-1 DLA-479-1}
 	- xen 4.2.0~rc2-1 (bug #781620)
@@ -20535,35 +20535,35 @@ CVE-2015-6674 (Buffer underflow vulnerability in the Debian inspircd package bef
 	{DSA-3226-1 DLA-276-1}
 	- inspircd 2.0.16-1 (bug #780880)
 	NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/29/5
 CVE-2015-2788 (Multiple stack-based buffer overflows in the ib_fill_isqlda function i ...)
 	{DSA-3219-1}
 	- libdbd-firebird-perl 1.18-2 (bug #780925)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/30/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/30/4
 CVE-2015-4148 (The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5 ...)
 	{DLA-307-1}
 	- php5 5.6.7+dfsg-1
 	[wheezy] - php5 5.4.39-0+deb7u1
 	NOTE: https://bugs.php.net/bug.php?id=69085
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/14
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/20/14
 CVE-2015-4147 (The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, ...)
 	{DLA-307-1}
 	- php5 5.6.7+dfsg-1
 	[wheezy] - php5 5.4.39-0+deb7u1
 	NOTE: https://bugs.php.net/bug.php?id=69085
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/14
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/20/14
 CVE-2015-2779 (Stack consumption vulnerability in the message splitting functionality ...)
 	- quassel 1:0.10.0-2.3 (bug #781024)
 	[wheezy] - quassel <not-affected> (According to upstream issue isn't triggerable in 0.8)
 	[squeeze] - quassel <not-affected> (According to upstream issue isn't triggerable in 0.6)
 	NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/20/12
 CVE-2015-2778 (Quassel before 0.12-rc1 uses an incorrect data-type size when splittin ...)
 	- quassel 1:0.10.0-2.3 (bug #781024)
 	[wheezy] - quassel <not-affected> (According to upstream issue isn't triggerable in 0.8)
 	[squeeze] - quassel <not-affected> (According to upstream issue isn't triggerable in 0.6)
 	NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/20/12
 CVE-2015-2348 (The move_uploaded_file implementation in ext/standard/basic_functions. ...)
 	{DSA-3198-1 DLA-444-1}
 	- php5 5.6.7+dfsg-1
@@ -20621,7 +20621,7 @@ CVE-2015-2749 (Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x bef
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2015-001
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/19/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/19/5
 CVE-2015-2329 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin bef ...)
 	NOT-FOR-US: WooCommerce plugin for WordPress
 CVE-2015-2328 (PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related  ...)
@@ -20635,7 +20635,7 @@ CVE-2015-2328 (PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and rel
 	[squeeze] - pcre3 <no-dsa> (Minor issue)
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=1515
 	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1498
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/31/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/31/4
 CVE-2015-2327 (PCRE before 8.36 mishandles the /(((a\2)|(a*)\g&lt;-1&gt;))*/ pattern  ...)
 	- mongodb <removed> (unimportant)
 	NOTE: CVE for bundled version of pcre3 in mongodb
@@ -20647,7 +20647,7 @@ CVE-2015-2327 (PCRE before 8.36 mishandles the /(((a\2)|(a*)\g&lt;-1&gt;))*/ pat
 	[squeeze] - pcre3 <no-dsa> (Minor issue)
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=1503
 	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1495
-	NOTE: http://www.openwall.com/lists/oss-security/2015/05/31/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/05/31/5
 CVE-2015-2326 (The pcre_compile2 function in PCRE before 8.37 allows context-dependen ...)
 	- pcre3 2:8.35-7.2 (bug #783285)
 	[jessie] - pcre3 2:8.35-3.3+deb8u1
@@ -20702,7 +20702,7 @@ CVE-2015-2666 (Stack-based buffer overflow in the get_matching_model_microcode f
 	- linux-2.6 <not-affected> (Introduced in 3.9)
 	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec400ddeff200b068ddc6c70f7321f49ecf32ed5 (v3.9-rc1)
 	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4 (v4.0-rc1)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/18/7
 CVE-2015-2684 (Shibboleth Service Provider (SP) before 2.5.4 allows remote authentica ...)
 	{DSA-3207-1 DLA-259-1}
 	- shibboleth-sp2 2.5.3+dfsg-2
@@ -20712,7 +20712,7 @@ CVE-2015-2672 (The xsave/xrstor implementation in arch/x86/include/asm/xsave.h i
 	- linux-2.6 <not-affected>
 	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f31a9f7c71691569359fa7fb8b0acaa44bce0324 (v3.17-rc1)
 	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06 (v4.0-rc3)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/18/6
 CVE-2015-2331 (Integer overflow in the _zip_cdir_new function in zip_dirent.c in libz ...)
 	{DSA-3198-1 DLA-212-1}
 	- php5 5.6.7+dfsg-1 (bug #780713)
@@ -20721,7 +20721,7 @@ CVE-2015-2331 (Integer overflow in the _zip_cdir_new function in zip_dirent.c in
 	[squeeze] - libzip <not-affected> (Vulnerable code introduced with added Zip64 support in 0.11)
 	NOTE: https://bugs.php.net/bug.php?id=69253
 	NOTE: https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/18/1
 	NOTE: libzip patch: http://hg.nih.at/libzip/rev/9f11d54f692e
 CVE-2015-2330 (Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows  ...)
 	- webkitgtk 2.4.9-1 (unimportant)
@@ -20791,7 +20791,7 @@ CVE-2015-8903 (The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x
 	- imagemagick 8:6.8.9.9-6 (low)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
 	[squeeze] - imagemagick <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/20/4
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933
 	NOTE: http://web.archive.org/web/20150428140926/http://trac.imagemagick.org/changeset/17856
 CVE-2015-8902 (The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6. ...)
@@ -20800,7 +20800,7 @@ CVE-2015-8902 (The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x befo
 	- imagemagick 8:6.8.9.9-6 (low)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
 	[squeeze] - imagemagick <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/20/4
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932
 	NOTE: http://web.archive.org/web/20150428145652/http://trac.imagemagick.org/changeset/17855
 CVE-2015-8901 (ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a ...)
@@ -20809,7 +20809,7 @@ CVE-2015-8901 (ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to ca
 	- imagemagick 8:6.8.9.9-6
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
 	[squeeze] - imagemagick <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/20/4
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931
 CVE-2015-8900 (The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x a ...)
 	{DLA-960-1}
@@ -20817,7 +20817,7 @@ CVE-2015-8900 (The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and
 	- imagemagick 8:6.8.9.9-6
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
 	[squeeze] - imagemagick <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/20/4
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
 	NOTE: http://web.archive.org/web/20150501030131/http://trac.imagemagick.org/changeset/17845
 	NOTE: http://web.archive.org/web/20150429001241/http://trac.imagemagick.org/changeset/17846
@@ -20849,7 +20849,7 @@ CVE-2015-2674 (Restkit allows man-in-the-middle attackers to spoof TLS servers b
 	[wheezy] - python-restkit <ignored> (Minor issue)
 	[squeeze] - python-restkit <no-dsa> (Minor issue)
 	NOTE: https://github.com/benoitc/restkit/issues/140
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/12/9
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/12/9
 CVE-2015-2283
 	RESERVED
 CVE-2015-2282 (Stack-based buffer overflow in the LZC decompression implementation (C ...)
@@ -20957,12 +20957,12 @@ CVE-2015-2301 (Use-after-free vulnerability in the phar_rename_archive function
 	- php5 5.6.6+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=68901
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/10/6
 CVE-2015-2265 (The remove_bad_chars function in utils/cups-browsed.c in cups-filters  ...)
 	- cups-filters 1.0.61-5 (bug #780267)
 	[wheezy] - cups-filters <not-affected> (vulnerable code not present)
 	NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=1265
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/09/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/09/5
 CVE-2015-2241 (Cross-site scripting (XSS) vulnerability in the contents function in a ...)
 	- python-django 1.7.6-1
 	[wheezy] - python-django <not-affected> (Only affects 1.7.x and 1.8.x)
@@ -21091,7 +21091,7 @@ CVE-2015-2675 (The OAuth implementation in librest before 0.7.93 incorrectly tru
 	[squeeze] - librest <not-affected> (rest_proxy_call_get_url not yet used)
 	NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=742644
 	NOTE: Commit: https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/04/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/04/6
 CVE-2015-2204 (Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 all ...)
 	NOT-FOR-US: Evergreen library
 CVE-2015-2203 (Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users wi ...)
@@ -21361,7 +21361,7 @@ CVE-2015-XXXX [MATTA-2015-002: Enforce acceptable range for Diffie-Hellman serve
 	[wheezy] - putty 0.62-9+deb7u2
 	[squeeze] - putty 0.60+2010-02-20-1+squeeze3
 	NOTE: temporary workaround until CVE assigned to explitly tag for wheezy+squeeze
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/27/4
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/02/27/4
 	NOTE: http://advisories.mageia.org/MGASA-2015-0098.html
 CVE-2015-2172 (DokuWiki before 2014-05-05d and before 2014-09-29c does not properly c ...)
 	- dokuwiki 0.0.20140929.d-1 (bug #779547)
@@ -21375,7 +21375,7 @@ CVE-2015-2158 (Off-by-one error in the pngcrush_measure_idat function in pngcrus
 	- pngcrush <not-affected> (Vulnerable code not present)
 	NOTE: Introduced by http://sourceforge.net/p/pmt/code/ci/e1a36a9639e2db16494d90459c7c2b78677a20bf/ (1.7.83)
 	NOTE: Fixed by: http://sourceforge.net/p/pmt/code/ci/a1ce646d00a400fd9ec321ab5cb522f40b7bdfe6/ (1.7.84)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/28/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/28/6
 CVE-2015-2157 (The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY ...)
 	{DSA-3190-1 DLA-173-1}
 	- putty 0.63-10 (bug #779488)
@@ -21431,7 +21431,7 @@ CVE-2015-8984 (The fnmatch function in the GNU C Library (aka glibc or libc6) be
 	[wheezy] - eglibc 2.13-38+deb7u9
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18032
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/26/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/26/5
 CVE-2015-2079
 	RESERVED
 CVE-2015-2078 (The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft  ...)
@@ -21519,7 +21519,7 @@ CVE-2015-8983 (Integer overflow in the _IO_wstr_overflow function in libio/wstro
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17269
 	NOTE: Fixed upstream in 2.22
 	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/22/15
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/22/15
 CVE-2015-8477 (Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allow ...)
 	- redmine 3.0~20140825-5 (low)
 	[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
@@ -21986,7 +21986,7 @@ CVE-2015-1852 (The s3_token middleware in OpenStack keystonemiddleware before 1.
 CVE-2015-1851 (OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4  ...)
 	{DSA-3292-1}
 	- cinder 2015.1.0+2015.06.16.git26.9634b76ba5-1 (bug #788996)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/13/1
+	NOTE: https://www.openwall.com/lists/oss-security/2015/06/13/1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1231817
 	NOTE: https://bugs.launchpad.net/cinder/+bug/1415087
 CVE-2015-1850
@@ -22614,7 +22614,7 @@ CVE-2015-XXXX [incorrect memory management in Gtk2::Gdk::Display::list_devices]
 	NOTE: CVE needs to be added to data/D[SL]A/list
 	NOTE: https://mail.gnome.org/archives/gtk-perl-list/2015-January/msg00039.html
 	NOTE: https://bugs.mageia.org/show_bug.cgi?id=15173
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/20/14
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/02/20/14
 CVE-2015-XXXX [Linux ASLR mmap weakness: Reducing entropy by half]
 	- linux 4.0.2-1
 	[jessie] - linux 3.16.7-ckt17-1
@@ -22631,7 +22631,7 @@ CVE-2015-2060 (cabextract before 1.6 does not properly check for leading slashes
 	[jessie] - cabextract <no-dsa> (Minor issue)
 	[wheezy] - cabextract <no-dsa> (Minor issue)
 	[squeeze] - cabextract <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/18/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/18/3
 	NOTE: Upstream commit: http://sourceforge.net/p/libmspack/code/217
 	NOTE: CVE assigned for issue were path traversal occurs because the unpatched
 	NOTE: code does neither of the following: 1) checking for slashes after decoding
@@ -22642,7 +22642,7 @@ CVE-2015-2297 (nanohttp in libcsoap allows remote attackers to cause a denial of
 	[squeeze] - libcsoap <no-dsa> (Minor issue)
 	[wheezy] - libcsoap <no-dsa> (Minor issue)
 	NOTE: CVE assigned only for the null pointer dereference, not all issues in
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/17/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/17/2
 CVE-2015-2091 (The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earl ...)
 	{DSA-3177-1 DLA-170-1}
 	- mod-gnutls 0.6-1.3 (bug #578663)
@@ -22716,7 +22716,7 @@ CVE-2015-1592 (Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro
 	- movabletype-opensource <removed>
 	[squeeze] - movabletype-opensource <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/12/2
 CVE-2015-1572 (Heap-based buffer overflow in closefs.c in the libext2fs library in e2 ...)
 	{DSA-3166-1 DLA-162-1}
 	- e2fsprogs 1.42.12-1.1 (bug #778948)
@@ -22772,7 +22772,7 @@ CVE-2015-2305 (Integer overflow in the regcomp implementation in the Henry Spenc
 	NOTE: No security impact in nvi/vigor and openrpt
 	NOTE: http://www.kb.cert.org/vuls/id/695940
 	NOTE: https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/16/8
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/16/8
 CVE-2015-XXXX [insecure storage of password in the NUT-monitor app]
 	- nut 2.7.2-2 (low; bug #777706)
 	[wheezy] - nut <no-dsa> (Minor issue)
@@ -22959,7 +22959,7 @@ CVE-2015-2046 (Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and l
 	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: Upstream patch: https://github.com/mantisbt/mantisbt/commit/6defeed5 (1.2.x)
 	NOTE: https://www.mantisbt.org/bugs/view.php?id=19301
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/10
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/09/10
 	NOTE: CVE for specific portion of the original May 2014 adm_config_report.php discovery
 	NOTE: that remains present in version 1.2.18 and 1.2.19
 CVE-2015-XXXX [fails to detect silent driver failure to change MAC]
@@ -22970,17 +22970,17 @@ CVE-2015-9101 (The fill_buffer_resample function in util.c in libmp3lame.a in LA
 	- lame 3.99.5+repack1-6 (bug #777161)
 	[wheezy] - lame 3.99.5+repack1-3+deb7u1
 	[squeeze] - lame <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/8
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/12/8
 CVE-2015-9100 (The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3. ...)
 	- lame 3.99.5+repack1-6 (bug #777160)
 	[wheezy] - lame 3.99.5+repack1-3+deb7u1
 	[squeeze] - lame <no-dsa> (minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/8
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/12/8
 CVE-2015-9099 (The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 ...)
 	- lame 3.99.5+repack1-6 (bug #775959)
 	[wheezy] - lame 3.99.5+repack1-3+deb7u1
 	[squeeze] - lame <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/8
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/12/8
 CVE-2015-XXXX [denial of service under memory stress]
 	- libhtp 1:0.5.25-1 (bug #777522)
 	[squeeze] - libhtp <no-dsa> (Minor issue)
@@ -22989,11 +22989,11 @@ CVE-2015-XXXX [denial of service under memory stress]
 CVE-2015-2058 (c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates dat ...)
 	- jabberd2 2.3.3-1 (bug #779154)
 	NOTE: https://github.com/jabberd2/jabberd2/issues/85
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/13
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/09/13
 CVE-2015-2059 (The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in  ...)
 	{DSA-3578-1 DLA-476-1 DLA-277-1}
 	- libidn 1.31-1 (medium)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/23/25
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/23/25
 	NOTE: Patch: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c2796581c27213962c77f5a8571a598f9a2e
 	NOTE: This could be attributed to a misuse of a (poorly documented) API
 	NOTE: but since upstream provided a patch it makes more sense to fix
@@ -23014,20 +23014,20 @@ CVE-2015-1546 (Double free vulnerability in the get_vrFilter function in servers
 CVE-2015-2785 (The GIF encoder in Byzanz allows remote attackers to cause a denial of ...)
 	- byzanz <unfixed> (unimportant; bug #778261)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=852481
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/11
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/11
 	NOTE: Only applies to debug recordings, negligable security impact
 CVE-2015-8837 (Stack-based buffer overflow in the isofs_real_readdir function in isof ...)
 	{DSA-3551-1 DLA-323-1}
 	- fuseiso 20070708-3.2 (bug #779047)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=863091
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=862211
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/7
 CVE-2015-8836 (Integer overflow in the isofs_real_read_zf function in isofs.c in Fuse ...)
 	{DSA-3551-1 DLA-323-1}
 	- fuseiso 20070708-3.2 (bug #779047)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=863102
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=861358
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/7
 CVE-2015-1547 (The NeXTDecode function in tif_next.c in LibTIFF allows remote attacke ...)
 	{DSA-3273-1 DLA-610-1 DLA-221-1}
 	- tiff 4.0.3-12.1 (bug #777390)
@@ -23161,21 +23161,21 @@ CVE-2015-XXXX [Invalid read in ensure_filepath]
 	- cabextract 1.4-5
 	[wheezy] - cabextract <no-dsa> (Minor issue)
 	[squeeze] - cabextract <no-dsa> (Minor issue)
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/12
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/02/03/12
 	NOTE: Starting with 1.4-5 cabextract uses the mspack system library
 CVE-2015-XXXX [Invalid read in create_output_name]
 	- libmspack 0.5-1
 	- cabextract 1.4-5
 	[wheezy] - cabextract <no-dsa> (Minor issue)
 	[squeeze] - cabextract <no-dsa> (Minor issue)
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/12
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/02/03/12
 	NOTE: Starting with 1.4-5 cabextract uses the mspack system library
 CVE-2015-1465 (The IPv4 implementation in the Linux kernel before 3.18.8 does not pro ...)
 	- linux 3.16.7-ckt7-1
 	[wheezy] - linux <not-affected> (Introduced in 3.16)
 	- linux-2.6 <not-affected> (Introduced in 3.16)
 	NOTE: Upstream patch: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df4d92549f23e1c037e83323aff58a21b3de7fe0 (v3.19-rc7)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/02/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/02/2
 CVE-2015-1473 (The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka gli ...)
 	{DSA-3169-1 DLA-165-1}
 	- glibc 2.19-15 (bug #777197)
@@ -23224,7 +23224,7 @@ CVE-2015-1430 (Buffer overflow in xymon 4.3.17-1. ...)
 	[squeeze] - xymon <not-affected> (Vulnerable code not present)
 	[wheezy] - xymon <not-affected> (Vulnerable code not present)
 	NOTE: Upstream patch: http://sourceforge.net/p/xymon/code/7483/
-	NOTE: http://www.openwall.com/lists/oss-security/2015/01/30/17
+	NOTE: https://www.openwall.com/lists/oss-security/2015/01/30/17
 CVE-2015-1425 (JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities ...)
 	NOT-FOR-US: JAKWEB Gecko CMS
 CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2 ...)
@@ -23241,7 +23241,7 @@ CVE-2015-1589 (Directory traversal vulnerability in arCHMage 0.2.4 allows remote
 	- archmage 1:0.2.4-4 (bug #776164)
 	[squeeze] - archmage <no-dsa> (Minor issue)
 	[wheezy] - archmage <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/9
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/12/9
 CVE-2015-1419 (Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote at ...)
 	- vsftpd 3.0.2-18 (unimportant; bug #776922)
 	[jessie] - vsftpd 3.0.2-17+deb8u1
@@ -23254,7 +23254,7 @@ CVE-2015-1417 (The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BET
 	NOTE: kfreebsd not covered by security support in Jessie
 CVE-2015-1416 (Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 ...)
 	- patch 2.5-1
-	NOTE: http://www.openwall.com/lists/oss-security/2015/08/02/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/08/02/6
 	NOTE: CVE assignment applies as well to GNU patch before 2.3 and 2.2.5
 CVE-2015-1415 (The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configur ...)
 	NOT-FOR-US: FreeBSD installer
@@ -23543,7 +23543,7 @@ CVE-2015-1379 (The signal handler implementations in socat before 1.7.3.0 and 2.
 	- socat 1.7.2.4-2 (bug #776234)
 	[wheezy] - socat <no-dsa> (Minor issue)
 	[squeeze] - socat <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/6
+	NOTE: https://www.openwall.com/lists/oss-security/2015/01/24/6
 	NOTE: Upstream advisory: http://www.dest-unreach.org/socat/contrib/socat-secadv6.txt
 CVE-2015-1378 (cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68 ...)
 	- grml-debootstrap 0.68.1 (low; bug #776502)
@@ -23556,7 +23556,7 @@ CVE-2015-1395 (Directory traversal vulnerability in GNU patch versions which sup
 	[wheezy] - patch <not-affected> (Support for git-style patches added in 2.7)
 	[squeeze] - patch <not-affected> (Support for git-style patches added in 2.7)
 	NOTE: Upstream report: https://savannah.gnu.org/bugs/?44059
-	NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/01/24/2
 CVE-2015-1370 (Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Nod ...)
 	- node-marked 0.3.6+dfsg-1 (unimportant)
 	NOTE: https://nodesecurity.io/advisories/marked_vbscript_injection
@@ -24112,18 +24112,18 @@ CVE-2015-1396 (A Directory Traversal vulnerability exists in the GNU patch befor
 	- patch 2.7.3-1 (bug #775901)
 	[wheezy] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied)
 	[squeeze] - patch <not-affected>  (Not affected by CVE-2015-1196 and no incomplete fix applied)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/3
+	NOTE: https://www.openwall.com/lists/oss-security/2015/01/24/3
 CVE-2015-1353
 	REJECTED
 CVE-2015-4471 (Off-by-one error in the lzxd_decompress function in lzxd.c in libmspac ...)
 	- libmspack 0.5-1 (bug #775499)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/03/11
 CVE-2015-4470 (Off-by-one error in the inflate function in mszipd.c in libmspack befo ...)
 	- libmspack 0.5-1 (bug #775498)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/03/11
 CVE-2015-4472 (Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack befor ...)
 	- libmspack 0.5-1 (bug #775687)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/03/11
 CVE-2015-1591 (The kamailio build in kamailio before 4.2.0-2 process allows local use ...)
 	- kamailio 4.2.0-2 (bug #775681)
 	NOTE: https://github.com/kamailio/kamailio/issues/48
@@ -24410,7 +24410,7 @@ CVE-2015-1051 (Open redirect vulnerability in the Context UI module in the Conte
 CVE-2015-2304 (Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 a ...)
 	{DSA-3180-1 DLA-166-1}
 	- libarchive 3.1.2-11 (bug #778266)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/01/16/7
+	NOTE: https://www.openwall.com/lists/oss-security/2015/01/16/7
 	NOTE: Patch: https://github.com/libarchive/libarchive/commit/59357157706d47c365b2227739e17daba3607526
 CVE-2015-1200 (Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for t ...)
 	- pxz 4.999.99~beta3+git659fc9b-3 (bug #775306)
@@ -24709,8 +24709,8 @@ CVE-2015-5700 (mktexlsr revision 22855 through revision 36625 as packaged in tex
 	- texlive-bin 2014.20140926.35254-5 (bug #775139)
 	[wheezy] - texlive-bin <no-dsa> (Minor issue)
 	[squeeze] - texlive-bin <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/23/22
-	NOTE: http://www.openwall.com/lists/oss-security/2015/07/28/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/23/22
+	NOTE: https://www.openwall.com/lists/oss-security/2015/07/28/5
 	NOTE: https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885
 CVE-2015-1196 (GNU patch 2.7.1 allows remote attackers to write to arbitrary files vi ...)
 	- patch 2.7.1-7 (bug #775227)
@@ -24846,7 +24846,7 @@ CVE-2015-0881 (CRLF injection vulnerability in Squid before 3.1.1 allows remote
 	[squeeze] - squid <no-dsa> (Minor issue)
 	[wheezy] - squid <no-dsa> (Minor issue)
 	- squid3 3.1.1-1
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/01/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/03/01/2
 	NOTE: Patch: http://www.squid-cache.org/Versions/v3/3.1/changesets/b9619.patch
 	NOTE: https://jvn.jp/en/jp/JVN64455813/index.html
 CVE-2015-0880 (Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote attacker ...)
@@ -25705,13 +25705,13 @@ CVE-2015-1197 (cpio 2.11, when using the --no-absolute-filenames option, allows
 	NOTE: Regression in upstream's handling of patch https://bugs.debian.org/946267
 CVE-2015-4469 (The chmd_read_headers function in chmd.c in libmspack before 0.5 does  ...)
 	- libmspack 0.4-3 (bug #774726)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/03/11
 CVE-2015-4468 (Multiple integer overflows in the search_chunk function in chmd.c in l ...)
 	- libmspack 0.4-3 (bug #774726)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/03/11
 CVE-2015-4467 (The chmd_init_decomp function in chmd.c in libmspack before 0.5 does n ...)
 	- libmspack 0.4-3 (bug #774725)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+	NOTE: https://www.openwall.com/lists/oss-security/2015/02/03/11
 CVE-2015-9275 (ARC 5.21q allows directory traversal via a full pathname in an archive ...)
 	- arc 5.21q-6 (low; bug #774527)
 	[stretch] - arc 5.21q-4+deb9u1
@@ -25723,7 +25723,7 @@ CVE-2015-XXXX [saves unknown host's fingerprint in known_hosts without any promp
 	[jessie] - lftp 4.6.0-1+deb8u1
 	[squeeze] - lftp <no-dsa> (Minor issue)
 	[wheezy] - lftp <no-dsa> (Minor issue)
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/12/10
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/03/12/10
 CVE-2015-0564 (Buffer underflow in the ssl_decrypt_record function in epan/dissectors ...)
 	{DSA-3141-1 DLA-198-1}
 	- wireshark 1.12.1+g01b65bf-3 (bug #776135)
@@ -25972,7 +25972,7 @@ CVE-2015-0480 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, a
 	- openjdk-8 8u45-b14-1
 	- openjdk-7 7u79-2.5.5-1 (bug #774953)
 	- openjdk-6 6b35-1.13.7-1
-	NOTE: http://www.openwall.com/lists/oss-security/2015/01/16/2
+	NOTE: https://www.openwall.com/lists/oss-security/2015/01/16/2
 CVE-2015-0479 (Unspecified vulnerability in the XDK and XDB - XML Database component  ...)
 	NOT-FOR-US: Oracle
 CVE-2015-0478 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u ...)
diff --git a/data/CVE/list.2016 b/data/CVE/list.2016
index df9a87fe45..3df4bff04f 100644
--- a/data/CVE/list.2016
+++ b/data/CVE/list.2016
@@ -2066,12 +2066,12 @@ CVE-2016-10252 (Memory leak in the IsOptionMember function in MagickCore/option.
 CVE-2016-10251 (Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in Jas ...)
 	{DSA-3827-1 DLA-920-1}
 	- jasper <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/11
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/04/11
 	NOTE: https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387
 	NOTE: https://github.com/asarubbo/poc/blob/master/00029-jasper-uninitvalue-jpc_pi_nextcprl
 CVE-2016-10248 (The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900. ...)
 	- jasper <removed> (unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/20/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/20/5
 	NOTE: Not suitable for code injection, hardly denial of service
 	NOTE: https://github.com/mdadams/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd
 CVE-2016-10247 (Buffer overflow in the my_getline function in jstest_main.c in Mujstes ...)
@@ -2079,13 +2079,13 @@ CVE-2016-10247 (Buffer overflow in the my_getline function in jstest_main.c in M
 	[wheezy] - mupdf <not-affected> (Vulnerable code not present)
 	NOTE: Although jstest_main.c compiled during build and mujstest is created
 	NOTE: it is not included in the produced binary packages
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/16/19
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/16/19
 CVE-2016-10246 (Buffer overflow in the main function in jstest_main.c in Mujstest in A ...)
 	- mupdf <unfixed> (unimportant)
 	[wheezy] - mupdf <not-affected> (Vulnerable code not present)
 	NOTE: Although jstest_main.c compiled during build and mujstest is created
 	NOTE: it is not included in the produced binary packages
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/16/20
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/16/20
 CVE-2016-10245 (Insufficient sanitization of the query parameter in templates/html/sea ...)
 	{DLA-1812-1}
 	- doxygen 1.8.12-1
@@ -2252,28 +2252,28 @@ CVE-2016-10197 (The search_make_new function in evdns.c in libevent before 2.1.6
 	{DSA-3789-1 DLA-824-1}
 	- libevent 2.0.21-stable-3 (bug #854092)
 	NOTE: https://github.com/libevent/libevent/issues/332
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/17
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/17
 CVE-2016-10196 (Stack-based buffer overflow in the evutil_parse_sockaddr_port function ...)
 	{DSA-3789-1 DLA-824-1}
 	- libevent 2.0.21-stable-3 (bug #854092)
 	NOTE: https://github.com/libevent/libevent/issues/318
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/17
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/17
 CVE-2016-10195 (The name_parse function in evdns.c in libevent before 2.1.6-beta allow ...)
 	{DSA-3789-1 DLA-824-1}
 	- libevent 2.0.21-stable-3 (bug #854092)
 	NOTE: https://github.com/libevent/libevent/issues/317
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/17
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/17
 CVE-2016-10199 (The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-p ...)
 	{DSA-3820-1}
 	- gst-plugins-good1.0 1.10.3-1 (low)
 	- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775451
 CVE-2016-10198 (The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacpars ...)
 	{DSA-3820-1 DLA-2225-1 DLA-828-1}
 	- gst-plugins-good1.0 1.10.3-1 (low)
 	- gst-plugins-good0.10 <removed> (low)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775450
 CVE-2016-XXXX [iio-sensor-proxy: insecure dbus policy]
 	- iio-sensor-proxy 2.0-4 (bug #853951)
@@ -2281,19 +2281,19 @@ CVE-2016-10192 (Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10
 	- ffmpeg 7:3.2.2-1
 	- libav <not-affected> (Vulnerable code not present in libav, only in ffmpeg)
 	NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/12
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/12
 CVE-2016-10191 (Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2 ...)
 	{DLA-1611-1}
 	- ffmpeg 7:3.2.2-1
 	- libav <removed>
 	NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/12
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/12
 CVE-2016-10190 (Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8. ...)
 	{DLA-1611-1}
 	- ffmpeg 7:3.2.2-1
 	- libav <removed>
 	NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/12
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/12
 CVE-2016-10193 (The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to e ...)
 	NOT-FOR-US: espeak-ruby Ruby gem
 CVE-2016-10194 (The festivaltts4r gem for Ruby allows remote attackers to execute arbi ...)
@@ -2329,7 +2329,7 @@ CVE-2016-10189 (BitlBee before 3.5 allows remote attackers to cause a denial of
 	- bitlbee 3.5-1
 	NOTE: https://bugs.bitlbee.org/ticket/1282
 	NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f (3.5)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/4
 	NOTE: When fixing this CVE make sure to apply as well
 	NOTE: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441
 	NOTE: to not open CVE-2017-5668
@@ -2338,14 +2338,14 @@ CVE-2016-10188 (Use-after-free vulnerability in bitlbee-libpurple before 3.5 all
 	- bitlbee 3.5-1
 	NOTE: https://bugs.bitlbee.org/ticket/1281
 	NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/ea902752503fc5b356d6513911081ec932d804f2 (3.5)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/4
 CVE-2016-10187 (The E-book viewer in calibre before 2.75 allows remote attackers to re ...)
 	{DLA-859-1}
 	- calibre 2.75.1+dfsg-1 (low; bug #853004)
 	[jessie] - calibre <no-dsa> (Minor issue)
 	NOTE: Upstream report: https://launchpad.net/bugs/1651728
 	NOTE: Upstream fix: https://github.com/kovidgoyal/calibre/commit/3a89718664cb8cce0449d1758eee585ed0d0433c
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/29/8
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/29/8
 CVE-2016-10173 (Directory traversal vulnerability in the minitar before 0.6 and archiv ...)
 	{DSA-3778-1 DLA-808-1}
 	- ruby-minitar 0.5.4-3.1 (bug #853075)
@@ -2382,7 +2382,7 @@ CVE-2016-10166 (Integer underflow in the _gdContributionsAlloc function in gd_in
 	- libgd2 2.2.4-1
 	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/26/1
 CVE-2016-10167 (The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Li ...)
 	{DSA-3777-1 DLA-804-1}
 	- php7.1 7.1.1-1 (unimportant)
@@ -2393,7 +2393,7 @@ CVE-2016-10167 (The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graph
 	NOTE: Fixed in PHP 7.1.1, 7.0.15, 5.6.30
 	- libgd2 2.2.4-1
 	NOTE: https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/26/1
 CVE-2016-10168 (Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) bef ...)
 	{DSA-3777-1 DLA-804-1}
 	- php7.1 7.1.1-1 (unimportant)
@@ -2404,7 +2404,7 @@ CVE-2016-10168 (Integer overflow in gd_io.c in the GD Graphics Library (aka libg
 	NOTE: Fixed in PHP 7.1.1, 7.0.15, 5.6.30
 	- libgd2 2.2.4-1
 	NOTE: https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/26/1
 CVE-2016-10165 (The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) all ...)
 	{DSA-3774-1 DLA-803-1}
 	- lcms2 2.8-4 (bug #852627)
@@ -2414,7 +2414,7 @@ CVE-2016-10164 (Multiple integer overflows in libXpm before 3.5.12, when a progr
 	{DSA-3772-1 DLA-801-1}
 	- libxpm 1:3.5.12-1
 	NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/22/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/22/2
 CVE-2016-10163 (Memory leak in the vrend_renderer_context_create_internal function in  ...)
 	- virglrenderer 0.6.0-1 (bug #852603)
 	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7 (0.6.0)
@@ -2530,7 +2530,7 @@ CVE-2016-10146 (Multiple memory leaks in the caption and label handling code in
 	{DSA-3799-1 DLA-807-1}
 	- imagemagick 8:6.9.7.0+dfsg-2 (bug #851380)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
 CVE-2016-10140 (Information disclosure and authentication bypass vulnerability exists  ...)
 	{DLA-806-1}
 	- zoneminder 1.30.4+dfsg-1 (bug #851710)
@@ -2541,12 +2541,12 @@ CVE-2016-10144 (coders/ipl.c in ImageMagick allows remote attackers to have unsp
 	{DSA-3799-1 DLA-807-1}
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851485)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
 CVE-2016-10145 (Off-by-one error in coders/wpg.c in ImageMagick allows remote attacker ...)
 	{DSA-3799-1 DLA-807-1}
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851483)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
 CVE-2016-10141 (An integer overflow vulnerability was observed in the regemit function ...)
 	NOT-FOR-US: MuJS
 CVE-2016-10133 (Heap-based buffer overflow in the js_stackoverflow function in jsrun.c ...)
@@ -2588,7 +2588,7 @@ CVE-2016-10127 (PySAML2 allows remote attackers to conduct XML external entity (
 	NOTE: https://github.com/rohe/pysaml2/issues/366
 	NOTE: A proper fix for this issue would be to fix the underlying issue in src:libxml2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1411794#c12
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/19/5 (for the scope of the CVE)
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/19/5 (for the scope of the CVE)
 CVE-2016-10149 (XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier a ...)
 	{DSA-3759-1}
 	- python-pysaml2 3.0.0-5 (bug #850716)
@@ -2598,7 +2598,7 @@ CVE-2016-10134 (SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 befo
 	{DSA-3802-1}
 	- zabbix 1:3.0.4+dfsg-1 (bug #850936)
 	NOTE: https://support.zabbix.com/browse/ZBX-11023
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/12/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/12/4
 CVE-2016-10124 (An issue was discovered in Linux Containers (LXC) before 2016-02-22. W ...)
 	- lxc 1:2.0.0-1
 	[jessie] - lxc <no-dsa> (Minor issue)
@@ -2607,35 +2607,35 @@ CVE-2016-10124 (An issue was discovered in Linux Containers (LXC) before 2016-02
 	NOTE: https://github.com/lxc/lxc/commit/5eacdc3dbd0e45abf3cc90cf0216a7f8ee560abf (lxc-2.0.0.rc2)
 CVE-2016-10123 (Firejail allows --chroot when seccomp is not supported, which might al ...)
 	- firejail 0.9.38-1
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
 	NOTE: https://github.com/netblue30/firejail/commit/a23ac1bf390fa4c3db4ea31e6ee6100a9c511d59 (0.9.38-rc1)
 CVE-2016-10122 (Firejail does not properly clean environment variables, which allows l ...)
 	- firejail 0.9.44.2-1
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
 	NOTE: https://github.com/netblue30/firejail/commit/3b81e1f2c331644ced87d26a943b22eed6242b8f
 	NOTE: https://github.com/netblue30/firejail/commit/72bc0e145c67da24e555d868086953148c52b5fc
 	NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/e847207df28e181a8f590ade825b5f06d4fadf17 (0.9.44.2)
 	NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/18f6e9dc9b304f7aca291c3edce5122562b1e36c (0.9.44.2)
 CVE-2016-10121 (Firejail uses weak permissions for /dev/shm/firejail and possibly othe ...)
 	- firejail 0.9.38-1
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
 	NOTE: https://github.com/netblue30/firejail/commit/1cab02f5ae3c90c01fae4d1c16381820b757a3a6 (0.9.38)
 CVE-2016-10120 (Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, ( ...)
 	- firejail 0.9.38-1
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
 	NOTE: https://github.com/netblue30/firejail/commit/cd0ecfc7a7b30abde20db6dea505cd8c58e7c046 (0.9.38-rc1)
 CVE-2016-10119 (Firejail uses 0777 permissions when mounting /tmp, which allows local  ...)
 	- firejail 0.9.38-1
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
 	NOTE: https://github.com/netblue30/firejail/commit/aa28ac9e09557b833f194f594e2940919d940d1f (0.9.38)
 CVE-2016-10118 (Firejail allows local users to truncate /etc/resolv.conf via a chroot  ...)
 	- firejail 0.9.44.2-1 (low)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
 	NOTE: https://github.com/netblue30/firejail/commit/6144229605177764b7f3f3450c1a47f56595dc9e
 	NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/8b5b444c766b8d0592346decc6ed4a6d345e4f67 (0.9.44.2)
 CVE-2016-10117 (Firejail does not restrict access to --tmpfs, which allows local users ...)
 	- firejail 0.9.38-1
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
 	NOTE: https://github.com/netblue30/firejail/commit/678cd1495457318dad39178bb646ba1b96332ddb (0.9.38-rc1)
 CVE-2016-10116 (NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo  ...)
 	NOT-FOR-US: NETGEAR
@@ -2678,7 +2678,7 @@ CVE-2016-10109 (Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a
 	- pcsc-lite 1.8.20-1
 	NOTE: https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22
 	NOTE: https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=3aaab9d998b5deb16a246cc7517e44144d281d3b
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/03/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/03/2
 CVE-2016-10098 (An issue was discovered on SendQuick Entera and Avera devices before 2 ...)
 	NOT-FOR-US: SendQuick Entera and Avera devices
 CVE-2016-10097 (XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/ ...)
@@ -2786,8 +2786,8 @@ CVE-2016-10040 (Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allo
 	[jessie] - qt4-x11 <ignored> (Minor issue)
 	[wheezy] - qt4-x11 <ignored> (Minor issue)
 	- qtbase-opensource-src 5.2.0+dfsg-7
-	NOTE: CVE assignment specific to http://www.openwall.com/lists/oss-security/2016/12/24/2
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/24/1
+	NOTE: CVE assignment specific to https://www.openwall.com/lists/oss-security/2016/12/24/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/24/1
 	NOTE: https://github.com/qt/qtbase/commit/f1053d94f59f053ce4acad9320df14f1fbe4faac
 CVE-2016-10039 (Directory traversal in /connectors/index.php in MODX Revolution before ...)
 	NOT-FOR-US: MODX Revolution
@@ -2812,7 +2812,7 @@ CVE-2016-10033 (The mailSend function in the isMail transport in PHPMailer befor
 	- libphp-phpmailer 5.2.14+dfsg-2.1 (bug #849365)
 	NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
 	NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/4835657cd639fbd09afd33307cef164edf807cdc#diff-ace81e501931d8763b49f2410cf3094dR1449
-	NOTE: Fix potentially incomplete, cf http://www.openwall.com/lists/oss-security/2016/12/28/1
+	NOTE: Fix potentially incomplete, cf https://www.openwall.com/lists/oss-security/2016/12/28/1
 	NOTE: When updating libphp-phpmailer for CVE-2016-10033 make sure to apply the
 	NOTE: complete patch to not make libphp-phpmailer affected by CVE-2016-10045.
 	NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
@@ -2862,7 +2862,7 @@ CVE-2016-10026 (ikiwiki 3.20161219 does not properly check if a revision changes
 	- ikiwiki 3.20161219
 	NOTE: http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/
 	NOTE: Fix: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9cada49ed6ad24556dbe9861ad5b0a9f526167f9
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/7
 	NOTE: When fixing this issue make sure to apply the complete correct fix to
 	NOTE: not open ikiwiki to be vulnerable for CVE-2016-9645.
 CVE-2016-10025 (VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD v ...)
@@ -2880,7 +2880,7 @@ CVE-2016-10028 (The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/1
 	NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
 	NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
 	NOTE: still present.
@@ -2892,7 +2892,7 @@ CVE-2016-10029 (The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=acfc4846508a02cc4c83aa27799fd7 (v2.7.0-rc0)
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=2fe760554eb3769d70f608a158474f (v2.7.0-rc0)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/2
 CVE-2016-9999
 	RESERVED
 CVE-2016-9996
@@ -2973,7 +2973,7 @@ CVE-2016-9954 (The backtrack compilation code in the Irregex package (aka IrRegu
 	[stretch] - chicken <no-dsa> (Minor issue)
 	[jessie] - chicken <no-dsa> (Minor issue)
 	[wheezy] - chicken <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/18
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/14/18
 	NOTE: https://github.com/ashinn/irregex/commit/a16ffc86eca15fca9e40607d41de3cea9cf868f1
 	NOTE: For chicken vulnerable code in ./irregex-core.scm
 CVE-2016-9953 (The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30 ...)
@@ -3047,7 +3047,7 @@ CVE-2016-10003 (Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5
 	NOTE: Vulnerable Squid Versions:
 	NOTE: 3.5.0.1 up to and including 3.5.22
 	NOTE: 4.0.1 up to and including 4.0.16
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/17/1
 CVE-2016-10002 (Incorrect processing of responses to If-None-Modified HTTP conditional ...)
 	{DSA-3745-1 DLA-763-1}
 	- squid3 3.5.23-1 (bug #848493)
@@ -3063,7 +3063,7 @@ CVE-2016-10002 (Incorrect processing of responses to If-None-Modified HTTP condi
 	NOTE: 3.1.10 up to and including 3.1.23
 	NOTE: 3.2.0.3 up to and including 3.5.22
 	NOTE: 4.0.1 up to and including 4.0.16
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/17/1
 CVE-2016-582384
 	REJECTED
 CVE-2016-9964 (redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequ ...)
@@ -3075,37 +3075,37 @@ CVE-2016-9963 (Exim before 4.87.1 might allow remote attackers to obtain the pri
 	{DSA-3747-1 DLA-762-1}
 	- exim4 4.88~RC6-2
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=1996
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/16/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/16/1
 	NOTE: https://exim.org/static/doc/CVE-2016-9963.txt
 CVE-2016-9961 (game-music-emu before 0.6.1 mishandles unspecified integer values. ...)
 	{DSA-3735-1 DLA-750-1}
 	- game-music-emu 0.6.0-4 (bug #848071)
 	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
 CVE-2016-9960 (game-music-emu before 0.6.1 allows local users to cause a denial of se ...)
 	{DSA-3735-1 DLA-750-1}
 	- game-music-emu 0.6.0-4 (bug #848071)
 	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
 CVE-2016-9959 (game-music-emu before 0.6.1 allows remote attackers to generate out of ...)
 	{DSA-3735-1 DLA-750-1}
 	- game-music-emu 0.6.0-4 (bug #848071)
 	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
 CVE-2016-9958 (game-music-emu before 0.6.1 allows remote attackers to write to arbitr ...)
 	{DSA-3735-1 DLA-750-1}
 	- game-music-emu 0.6.0-4 (bug #848071)
 	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
 CVE-2016-9957 (Stack-based buffer overflow in game-music-emu before 0.6.1. ...)
 	{DSA-3735-1 DLA-750-1}
 	- game-music-emu 0.6.0-4 (bug #848071)
 	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
 CVE-2016-9956 (The route manager in FlightGear before 2016.4.4 allows remote attacker ...)
 	{DSA-3742-1}
 	- flightgear 1:2016.4.3+dfsg-1 (bug #848114)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/11
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/14/11
 CVE-2016-9951 (An issue was discovered in Apport before 2.20.4. A malicious Apport cr ...)
 	NOT-FOR-US: Apport
 CVE-2016-9950 (An issue was discovered in Apport before 2.20.4. There is a path trave ...)
@@ -3146,7 +3146,7 @@ CVE-2016-9955 (The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp b
 	[jessie] - simplesamlphp <no-dsa> (Minor issue)
 	NOTE: https://simplesamlphp.org/security/201612-02
 	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/a2326d75dd14accaac162dd2cb30aaefcc1f9205
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/14/7
 CVE-2016-9939 (Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its A ...)
 	{DSA-3748-1 DLA-766-1}
 	- libcrypto++ 5.6.4-5 (bug #848009)
@@ -3174,7 +3174,7 @@ CVE-2016-9936 (The unserialize implementation in ext/standard/var.c in PHP 7.x b
 	NOTE: Fixed in PHP 7.0.14 and 7.1.0
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72978
 	NOTE: Fixed by: https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2
 CVE-2016-9935 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5. ...)
 	{DSA-3737-1 DLA-818-1}
 	- php7.0 7.0.14-1
@@ -3182,7 +3182,7 @@ CVE-2016-9935 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP befo
 	NOTE: Fixed in PHP 5.6.29 and 7.0.14
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73631
 	NOTE: Fixed by: https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2
 CVE-2016-9934 (ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remo ...)
 	{DSA-3732-1 DLA-818-1}
 	- php7.0 7.0.13-1
@@ -3190,7 +3190,7 @@ CVE-2016-9934 (ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows
 	NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73331
 	NOTE: Fixed by: https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2
 CVE-2016-9933 (Stack consumption vulnerability in the gdImageFillToBorder function in ...)
 	{DSA-3751-1 DSA-3732-1 DLA-758-1}
 	- libgd2 2.2.2-29-g3c2b605-1 (bug #849038)
@@ -3205,7 +3205,7 @@ CVE-2016-9933 (Stack consumption vulnerability in the gdImageFillToBorder functi
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72696
 	NOTE: Fixed by: https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
 	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2
 CVE-2016-9937 (An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x be ...)
 	- asterisk <not-affected> (Introduced in 13.12.0 but fixed with first version to unstable based on 13.12.1)
 	NOTE: Vulnerability introduced in 13.12.0, but the first upload to unstable
@@ -3411,7 +3411,7 @@ CVE-2016-9912 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator s
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/12
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/12
 CVE-2016-9916 (Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows  ...)
 	{DLA-1497-1}
 	- qemu 1:2.8+dfsg-1 (bug #847496)
@@ -3421,7 +3421,7 @@ CVE-2016-9916 (Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) al
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=898ae90a44551d25b8e956fd87372d303c82fe68 (v2.8.0-rc2)
 	NOTE: Proxy filesystem driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=4c793dda22213a7aba8e4d9a814e8f368a5f8bf7 (v1.0-rc0)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
 CVE-2016-9915 (Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows ...)
 	{DLA-1497-1}
 	- qemu 1:2.8+dfsg-1 (bug #847496)
@@ -3431,7 +3431,7 @@ CVE-2016-9915 (Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) a
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30 (v2.8.0-rc2)
 	NOTE: handle based fs driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=5f5422258e1f50f871bafcc5bfb2b498f414a310 (v1.0-rc0)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
 	NOTE: proxy driver not included during compilation in wheezy, see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
 CVE-2016-9914 (Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local  ...)
 	{DLA-1497-1}
@@ -3441,7 +3441,7 @@ CVE-2016-9914 (Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows l
 	[wheezy] - qemu-kvm <no-dsa> (proxy and handle drivers not included during compilation)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d (v2.8.0-rc2)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
 	NOTE: proxy and handle drivers not included during compilation in wheezy, so the cleanup function is never implemented:
 	NOTE: see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
 CVE-2016-9913 (Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p ...)
@@ -3451,13 +3451,13 @@ CVE-2016-9913 (Memory leak in the v9fs_device_unrealize_common function in hw/9p
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42 (v2.8.0-rc2)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
 CVE-2016-9911 (Quick Emulator (Qemu) built with the USB EHCI Emulation support is vul ...)
 	{DLA-1497-1 DLA-765-1 DLA-764-1}
 	- qemu 1:2.8+dfsg-1 (bug #847951)
 	- qemu-kvm <removed>
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=791f97758e223de3290592d169f (v2.8.0-rc0)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/10
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/10
 CVE-2016-9907 (Quick Emulator (Qemu) built with the USB redirector usb-guest support  ...)
 	{DLA-1497-1}
 	- qemu 1:2.8+dfsg-1 (bug #847953)
@@ -3466,7 +3466,7 @@ CVE-2016-9907 (Quick Emulator (Qemu) built with the USB redirector usb-guest sup
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg01379.html
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=07b026fd82d6cf11baf7d7c603c4f5f6070b35bf
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/3
 	NOTE: Leakage introduced after 1.2.50: http://git.qemu.org/?p=qemu.git;a=commit;h=fc3f6e1b106abcf6b8cf487ac8f8e5fc2fd86776
 CVE-2016-9908 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator suppor ...)
 	- qemu 1:2.8+dfsg-1 (bug #847400)
@@ -3474,7 +3474,7 @@ CVE-2016-9908 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator s
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: http://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/2
 CVE-2016-9920 (steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2 ...)
 	{DLA-737-1}
 	- roundcube 1.2.3+dfsg.1-1 (bug #847287)
@@ -3487,14 +3487,14 @@ CVE-2016-9910 (The serializer in html5lib before 0.99999999 might allow remote a
 	[wheezy] - html5lib <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
 	NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/5
 CVE-2016-9909 (The serializer in html5lib before 0.99999999 might allow remote attack ...)
 	- html5lib 0.999999999-1
 	[jessie] - html5lib <no-dsa> (Minor issue)
 	[wheezy] - html5lib <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
 	NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/5
 CVE-2016-9839 (In MapServer before 7.0.3, OGR driver error messages are too verbose a ...)
 	{DLA-734-1}
 	- mapserver 7.0.3-1
@@ -3632,8 +3632,8 @@ CVE-2016-9844 (Buffer overflow in the zi_short function in zipinfo.c in Info-Zip
 	- unzip 6.0-21 (bug #847486)
 	[jessie] - unzip 6.0-16+deb8u3
 	NOTE: https://launchpad.net/bugs/1643750
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/05/13
-	NOTE: Proposed patch in http://www.openwall.com/lists/oss-security/2016/12/05/19
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/05/13
+	NOTE: Proposed patch in https://www.openwall.com/lists/oss-security/2016/12/05/19
 CVE-2016-XXXX [tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing]
 	- tiff 4.0.7-2 (unimportant; bug #846838)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2619
@@ -3751,7 +3751,7 @@ CVE-2016-9814 (The validateSignature method in the SAML2\Utils class in SimpleSA
 	NOTE: https://github.com/simplesamlphp/saml2/pull/81
 	NOTE: https://github.com/simplesamlphp/saml2/commit/7008b0916426212c1cc2fc238b38ab9ebff0748c
 	NOTE: only exploitable in hard to achieve conditions
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/03/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/03/5
 CVE-2016-9754 (The ring_buffer_resize function in kernel/trace/ring_buffer.c in the p ...)
 	- linux 4.6.1-1
 	[jessie] - linux 3.16.39-1
@@ -3946,7 +3946,7 @@ CVE-2016-9775 (The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb
 	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
 	- tomcat6 6.0.41-3
 	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/02/5
 CVE-2016-9774 (The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 ...)
 	{DSA-3739-1 DSA-3738-1 DLA-753-1 DLA-746-1}
 	- tomcat8 8.5.8-2 (bug #845393)
@@ -3954,7 +3954,7 @@ CVE-2016-9774 (The postinst script in the tomcat6 package before 6.0.45+dfsg-1~d
 	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
 	- tomcat6 6.0.41-3
 	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/02/5
 CVE-2016-9777 (KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does  ...)
 	- linux 4.8.15-1
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -3962,7 +3962,7 @@ CVE-2016-9777 (KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled,
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400804
 	NOTE: Fixed by: https://git.kernel.org/linus/81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755 (v4.9-rc7)
 	NOTE: Introduced in: https://git.kernel.org/linus/af1bae5497b98cb99d6b0492e6981f060420a00c (v4.8-rc1)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/02/2
 CVE-2016-9776 (QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Contro ...)
 	{DLA-1497-1}
 	- qemu 1:2.8+dfsg-1 (bug #846797)
@@ -4066,7 +4066,7 @@ CVE-2016-9772 (OpenAFS 1.6.19 and earlier allows remote attackers to obtain sens
 	NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt
 	NOTE: Upstream patch: https://www.openafs.org/pages/security/openafs-sa-2016-003-master.patch (master)
 	NOTE: Upstream patch: https://www.openafs.org/pages/security/openafs-sa-2016-003.patch
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/01/12
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/01/12
 CVE-2016-9685 (Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the  ...)
 	- linux 4.5.1-1
 	[jessie] - linux 3.16.36-1
@@ -4085,7 +4085,7 @@ CVE-2016-9646 (ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder
 CVE-2016-9643 (The regex code in Webkit 2.4.11 allows remote attackers to cause a den ...)
 	- webkitgtk 2.14.6-1 (unimportant)
 	NOTE: Not covered by security support
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/26/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/26/2
 CVE-2016-9642 (JavaScriptCore in WebKit allows attackers to cause a denial of service ...)
 	- webkitgtk <removed> (unimportant)
 	NOTE: Not covered by security support
@@ -4151,7 +4151,7 @@ CVE-2016-9603 (A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx
 	- xen 4.4.0-1
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-211.html
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/14/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/14/2
 	NOTE: Upstream patch http://git.qemu-project.org/?p=qemu.git;a=commit;h=50628d3479e4f9aa97e323506856e394fe7ad7a6
 CVE-2016-9602 (Qemu before version 2.9 is vulnerable to an improper link following wh ...)
 	{DLA-1497-1 DLA-1035-1 DLA-965-1}
@@ -4159,7 +4159,7 @@ CVE-2016-9602 (Qemu before version 2.9 is vulnerable to an improper link followi
 	- qemu-kvm <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1413929
 	NOTE: The original proposed patch does not fix the issue, cf.
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/17/14
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/17/14
 	NOTE: Upstream patchset: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1035
 	NOTE: If fixing this issue for older suites, then make sure not to open the
@@ -4228,7 +4228,7 @@ CVE-2016-9584 (libical allows remote attackers to cause a denial of service (use
 	- libical <removed> (bug #852034)
 	[stretch] - libical <ignored> (Minor issue)
 	[jessie] - libical <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/5
 	NOTE: Upstream ticket: https://github.com/libical/libical/issues/253
 CVE-2016-9583 (An out-of-bounds heap read vulnerability was found in the jpc_pi_nextp ...)
 	- jasper <removed> (unimportant)
@@ -4336,7 +4336,7 @@ CVE-2016-9562 (SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Deni
 	NOT-FOR-US: SAP
 CVE-2016-9561 (The che_configure function in libavcodec/aacdec_template.c in FFmpeg b ...)
 	- ffmpeg 7:3.2.4-1 (unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/08/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/08/1
 	NOTE: non-issue, legitimate media file. If a server application uses libav* on untrusted media
 	NOTE: files, it needs to set resource limits
 CVE-2016-9554 (The Sophos Web Appliance Remote / Secure Web Gateway server (version 4 ...)
@@ -4555,7 +4555,7 @@ CVE-2016-9866 (An issue was discovered in phpMyAdmin. When the arg_separator is
 CVE-2016-9639 (Salt before 2015.8.11 allows deleted minions to read or write to minio ...)
 	- salt 2016.3.0+ds-1
 	[jessie] - salt <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/25/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/25/2
 CVE-2016-9813 (The _parse_pat function in the mpegts parser in GStreamer before 1.10. ...)
 	{DSA-3818-1}
 	- gst-plugins-bad1.0 1.10.2-1 (low)
@@ -4796,7 +4796,7 @@ CVE-2016-9928 (MCabber before 1.0.4 is vulnerable to roster push attacks, which
 	- mcabber 0.10.2-1.1 (bug #845258)
 	NOTE: https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw
 	NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/09/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/09/5
 CVE-2016-XXXX [Rorster vulnerability similar to CVE-2015-8688]
 	- slixmpp 1.2.2-1
 	NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688 (but should get a seprate CVE)
@@ -4817,19 +4817,19 @@ CVE-2016-10071 (coders/mat.c in ImageMagick before 6.9.4-0 allows remote attacke
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10070 (Heap-based buffer overflow in the CalcMinMax function in coders/mat.c  ...)
 	{DSA-3726-1 DLA-756-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845246)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10069 (coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to  ...)
 	{DSA-3726-1 DLA-756-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845244)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-9559 (coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to ...)
 	{DSA-3726-1 DLA-756-1}
 	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845243)
@@ -4853,46 +4853,46 @@ CVE-2016-10068 (The MSL interpreter in ImageMagick before 6.9.6-4 allows remote
 	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845241)
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10058 (Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagi ...)
 	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845239)
 	[jessie] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later)
 	[wheezy] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10067 (magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers  ...)
 	{DSA-3726-1 DLA-756-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10066 (Buffer overflow in the ReadVIFFImage function in coders/viff.c in Imag ...)
 	{DSA-3726-1 DLA-756-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10065 (The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0. ...)
 	{DSA-3726-1 DLA-756-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845212)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/129
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/134463b926fa965571aa4febd61b810be5e7da05
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545183
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10064 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows  ...)
 	{DSA-3726-1 DLA-756-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845202)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10063 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows  ...)
 	{DSA-3726-1 DLA-756-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845198)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10062 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not  ...)
 	{DSA-3799-1 DLA-868-1}
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #849439)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/352
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 	NOTE: CVE is for the fwrite issue in ReadGROUP4Image. This was
 	NOTE: specifically noted at the beginning of issues/196, but not fixed in
 	NOTE: either of these commits 933e96f01a8c889c7bf5ffd30020e86a02a046e7 nor
@@ -4904,19 +4904,19 @@ CVE-2016-10061 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick bef
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10060 (The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagi ...)
 	{DLA-756-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
 	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10059 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows  ...)
 	{DSA-3726-1 DLA-756-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845195)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-9448 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attacke ...)
 	- tiff <not-affected> (Vulnerable code introduced by fix for CVE-2016-9297)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2593
@@ -5121,23 +5121,23 @@ CVE-2016-9452 (The transliterate mechanism in Drupal 8.x before 8.2.3 allows rem
 	- drupal8 <itp> (bug #756305)
 	- drupal7 <not-affected> (Only affects Drupal 8)
 	NOTE: https://www.drupal.org/SA-CORE-2016-005
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8
 CVE-2016-9451 (Confirmation forms in Drupal 7.x before 7.52 make it easier for remote ...)
 	{DSA-3718-1 DLA-715-1}
 	- drupal7 7.52-1
 	NOTE: https://www.drupal.org/SA-CORE-2016-005
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8
 CVE-2016-9450 (The user password reset form in Drupal 8.x before 8.2.3 allows remote  ...)
 	- drupal8 <itp> (bug #756305)
 	- drupal7 <not-affected> (Only affects Drupal 8)
 	NOTE: https://www.drupal.org/SA-CORE-2016-005
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8
 CVE-2016-9449 (The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 mig ...)
 	{DSA-3718-1 DLA-715-1}
 	- drupal8 <itp> (bug #756305)
 	- drupal7 7.52-1
 	NOTE: https://www.drupal.org/SA-CORE-2016-005
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8
 CVE-2016-9443 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m 0.5.3-19+deb8u1
@@ -5376,7 +5376,7 @@ CVE-2016-9400 (The CClient::ProcessServerPacket method in engine/client/client.c
 	[wheezy] - teeworlds <end-of-life> (Games are not supported in Wheezy)
 	NOTE: https://www.teeworlds.com/?page=news&id=12086
 	NOTE: https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62 (0.6.4-release)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/16/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/16/8
 CVE-2016-9321
 	RESERVED
 CVE-2016-9320
@@ -5504,13 +5504,13 @@ CVE-2016-9447 (The ROM mappings in the NSF decoder in gstreamer 0.10.x allow rem
 	NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
 CVE-2016-9299 (The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allow ...)
 	- jenkins <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/12/4
 CVE-2016-9298 (Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c i ...)
 	- imagemagick 8:6.9.6.5+dfsg-1 (bug #844211)
 	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
 	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/296
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/13/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/13/1
 CVE-2016-9300
 	REJECTED
 CVE-2016-9301
@@ -5523,7 +5523,7 @@ CVE-2016-9297 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote at
 	- tiff3 <removed>
 	[wheezy] - tiff3 <not-affected> (Unreproducible)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2590
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/12/2
 	NOTE: Patch https://github.com/vadz/libtiff/commit/30c9234c7fd0dd5e8b1e83ad44370c875a0270ed
 	NOTE: Reproducible with valgrind in wheezy with 4.0.2-6+deb7u7
 	NOTE: Reproducible with valgrind in jessie with 4.0.3-12.3+deb8u1
@@ -5579,7 +5579,7 @@ CVE-2016-9532 (Integer overflow in the writeBufferToSeparateStrips function in t
 	[wheezy] - tiff3 <not-affected> (Tools not shipped by tiff3)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2592
 	NOTE: Patch: https://github.com/vadz/libtiff/commit/21d39de1002a5e69caa0574b2cc05d795d6fbfad
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/11/14
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/11/14
 CVE-2016-9296 (A null pointer dereference bug affects the 16.02 and many old versions ...)
 	- p7zip 16.02+dfsg-2 (unimportant; bug #844344)
 	[jessie] - p7zip <not-affected> (Vulnerable code with potential NULL pointer dereference introduced later)
@@ -5681,7 +5681,7 @@ CVE-2016-9243 (HKDF in cryptography before 1.5.2 returns an empty byte-string if
 	[jessie] - python-cryptography 0.6.1-1+deb8u1
 	NOTE: Upstream bug: https://github.com/pyca/cryptography/issues/3211
 	NOTE: Upstream commit: https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/08/6
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/08/6
 CVE-2016-9242 (Multiple SQL injection vulnerabilities in the update method in framewo ...)
 	NOT-FOR-US: Exponent CMS
 CVE-2016-9241
@@ -5894,7 +5894,7 @@ CVE-2016-9179 (lynx: It was found that Lynx doesn't parse the authority componen
 	- lynx 2.8.9dev11-1 (bug #843258)
 	- lynx-cur <removed>
 	[jessie] - lynx-cur <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/03/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/03/4
 	NOTE: Slight mitigation and documentation improvement was done in 2.8.9dev.10 upstream
 	NOTE: the uplaod to unstable as 2.8.9dev10-1
 CVE-2016-9644 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the L ...)
@@ -5905,7 +5905,7 @@ CVE-2016-9644 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in
 	NOTE: 548acf19234dbda5a52d5a8e7e205af46e9da840 (added in 4.6), as such
 	NOTE: src:linux was never affected. 1c109fabbd5 also wasn't backported to
 	NOTE: the 3.2 and 3.16 LTS series
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/03/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/03/2
 CVE-2016-9178 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the L ...)
 	{DLA-772-1}
 	- linux 4.7.5-1
@@ -5931,7 +5931,7 @@ CVE-2016-9181 (perl-Image-Info: When parsing an SVG file, external entity expans
 	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118099
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379556
 	NOTE: Upstream commit: https://github.com/eserte/image-info/commit/781625b643bc05ba92127a4554de7910f3f2f8e6
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/02/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/02/1
 	NOTE: Older versions of libimage-info-perl only can use XML::Simple.
 	NOTE: Controlling XXE processing behavior in XML::Simple is not really
 	NOTE: possible (see https://rt.cpan.org/Ticket/Display.html?id=83794),
@@ -5945,7 +5945,7 @@ CVE-2016-9180 (perl-XML-Twig: The option to `expand_external_ents`, documented a
 	[wheezy] - libxml-twig-perl <no-dsa> (Minor issue, new flag would require changes to applications too, not worth the effort)
 	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118097
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379553
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/02/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/02/1
 	NOTE: Release 3.50 adds a no_xxe flag which will fail to parse files with external entities.
 	NOTE: 2016-12-13: The corresponding changes is not in the public git repository yet: https://github.com/mirod/xmltwig/commits/master
 CVE-2016-9136 (Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8 ...)
@@ -5994,7 +5994,7 @@ CVE-2016-9139 (Cross-site scripting (XSS) vulnerability in Open Ticket Request S
 	- otrs2 5.0.14-1 (bug #843091)
 	[jessie] - otrs2 3.3.18-1+deb8u1
 	NOTE: https://community.otrs.com/security-advisory-2016-02-security-update-otrs
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/01/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/01/5
 	NOTE: upstream fix likely https://github.com/OTRS/otrs/commit/6578a8bcf82529461302291ab3fcb500363b005a
 CVE-2016-9120 (Race condition in the ion_ioctl function in drivers/staging/android/io ...)
 	- linux 4.6.1-1 (unimportant)
@@ -6071,33 +6071,33 @@ CVE-2016-9107 (The OTR plugin for Gajim sends information in cleartext when usin
 	- gajim-otr <itp> (bug #722130)
 	NOTE: Upstream bug: https://trac-plugins.gajim.org/ticket/145
 	NOTE: Upstream fix: https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/30/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/30/2
 CVE-2016-9106 (Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Qu ...)
 	{DLA-1599-1 DLA-698-1 DLA-689-1}
 	- qemu 1:2.8+dfsg-1 (bug #842463)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/4
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9
 CVE-2016-9105 (Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Qui ...)
 	{DLA-1599-1 DLA-698-1 DLA-689-1}
 	- qemu 1:2.8+dfsg-1 (bug #842463)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/3
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c
 CVE-2016-9104 (Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xat ...)
 	{DLA-1599-1 DLA-698-1 DLA-689-1}
 	- qemu 1:2.8+dfsg-1 (bug #842463)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/2
 CVE-2016-9103 (The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emula ...)
 	{DLA-1599-1 DLA-698-1 DLA-689-1}
 	- qemu 1:2.8+dfsg-1 (bug #842463)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/1
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d
 CVE-2016-9102 (Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU ( ...)
 	{DLA-1599-1 DLA-698-1 DLA-689-1}
@@ -6105,7 +6105,7 @@ CVE-2016-9102 (Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in Q
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389550
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/15
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/27/15
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff55e94d23ae94c8628b0115320157c763eb3e06
 CVE-2016-9101 (Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows l ...)
 	{DLA-1599-1 DLA-698-1 DLA-689-1}
@@ -6113,7 +6113,7 @@ CVE-2016-9101 (Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) all
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03024.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389538
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/14
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/27/14
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=2634ab7fe29b3f75d0865b719caf8f310d634aae (v2.8.0-rc0)
 CVE-2016-9088
 	RESERVED
@@ -6549,12 +6549,12 @@ CVE-2016-8911 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remo
 CVE-2016-9016 (Firejail 0.9.38.4 allows local users to execute arbitrary commands out ...)
 	- firejail 0.9.44-1
 	NOTE: https://github.com/netblue30/firejail/commit/46dc2b34f1fbbc4597b4ff9f6a3cb28b2d500d1b
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/25/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/25/3
 CVE-2016-9011 (The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attac ...)
 	{DLA-694-1}
 	- libwmf 0.2.8.4-10.6 (bug #842090)
 	[jessie] - libwmf 0.2.8.4-10.3+deb8u2
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/9
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/18/9
 	NOTE: https://blogs.gentoo.org/ago/2016/10/18/libwmf-memory-allocation-failure-in-wmf_malloc-api-c
 	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00015-libwmf-memalloc-wmf_malloc
 	NOTE: Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=842090;filename=libwmf-0.2.8.4-CVE-2016-9011-debian.patch;msg=10
@@ -7045,13 +7045,13 @@ CVE-2016-8910 (The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (
 	- qemu 1:2.8+dfsg-1 (bug #841955)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/24/2
 CVE-2016-8909 (The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick ...)
 	{DLA-1599-1 DLA-698-1 DLA-689-1}
 	- qemu 1:2.8+dfsg-1 (bug #841950)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04717.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/24/1
 CVE-2016-XXXX [Privilege escalation possible to other user than root]
 	- bash <unfixed> (unimportant; bug #841856)
 	NOTE: This is strongly related to the problem described in CVE-2016-7543 and the correction
@@ -7063,7 +7063,7 @@ CVE-2016-10249 (Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c
 	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568 (version-1.900.12)
 	NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/
 	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00001-jasper-heapoverflow-jpc_dec_tiledecode
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/23/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/23/7
 CVE-2016-10250 (The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 a ...)
 	- jasper <not-affected> (Incomplete fix for CVE-206-8887 not applied)
 	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00002-jasper-NULLptr-jp2_colr_destroy
@@ -7127,7 +7127,7 @@ CVE-2016-8859 (Multiple integer overflows in the TRE library and musl libc allow
 	[jessie] - tre 0.8.0-4+deb8u1
 	- musl 1.1.15-2 (bug #842171)
 	[jessie] - musl 1.1.5-2+deb8u1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/19/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/19/1
 	NOTE: other issues may still be present in tre after this: https://github.com/laurikari/tre/issues/37
 	NOTE: musl patch: http://git.musl-libc.org/cgit/musl/commit/?id=c3edc06d1e1360f3570db9155d6b318ae0d0f0f7, not released yet
 CVE-2016-8858 (** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x  ...)
@@ -7144,21 +7144,21 @@ CVE-2016-8862 (The AcquireMagickMemory function in MagickCore/memory.c in ImageM
 	NOTE: The initial patch was initiall meant to be incomplete and resulted in CVE-2016-8866. So when fixing
 	NOTE: this CVE make sure to fix it completely to not open up CVE-2016-8866.
 	NOTE: The "incomplete fix" though is not a real problem, cf. https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30908#p140255
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/17/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/17/4
 CVE-2016-8860 (Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal funct ...)
 	{DSA-3694-1 DLA-663-1}
 	- tor 0.2.8.9-1
 	NOTE: https://trac.torproject.org/projects/tor/ticket/20384
 	NOTE: https://blog.torproject.org/blog/tor-0289-released-important-fixes
 	NOTE: https://gitweb.torproject.org/tor.git/commit/?id=3cea86eb2fbb65949673eb4ba8ebb695c87a57ce
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/11
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/18/11
 CVE-2016-9138 (PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modifica ...)
 	{DSA-3732-1}
 	- php7.0 7.0.12-1
 	- php5 <removed>
 	[wheezy] - php5 <not-affected> (Vulnerable code not present in version 5.4.45)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/01/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/01/7
 CVE-2016-9137 (Use-after-free vulnerability in the CURLFile implementation in ext/cur ...)
 	{DSA-3698-1}
 	- php7.0 7.0.12-1
@@ -7167,7 +7167,7 @@ CVE-2016-9137 (Use-after-free vulnerability in the CURLFile implementation in ex
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f
 	NOTE: Fixed in 7.0.12, 5.6.27
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/18/1
 CVE-2016-8673 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl ...)
 	NOT-FOR-US: Siemens SIMATIC CP
 CVE-2016-8672 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl ...)
@@ -7248,7 +7248,7 @@ CVE-2016-8690 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer bef
 	{DLA-1583-1}
 	- jasper <removed> (low; bug #841112)
 	[wheezy] - jasper <no-dsa> (Minor issue)
-	NOTE: CVE ID for the first and fifth items of http://www.openwall.com/lists/oss-security/2016/08/23/6 post
+	NOTE: CVE ID for the first and fifth items of https://www.openwall.com/lists/oss-security/2016/08/23/6 post
 	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/
 	NOTE: The original fix is incomplete resulting in two follow ups CVE-2016-8884 and
 	NOTE: CVE-2016-8885.
@@ -7304,7 +7304,7 @@ CVE-2016-8670 (Integer signedness error in the dynamicGetbuf function in gd_io_d
 	- libgd2 2.2.3-87-gd0fec80-1 (bug #840805)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73280
 	NOTE: https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/15/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/15/1
 CVE-2016-8671 (The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not prop ...)
 	- matrixssl <not-affected> (Incomplete fix for CVE-2016-6887 not applied)
 	NOTE: https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-incomplete-fix-for-CVE-2016-6887.html
@@ -7561,11 +7561,11 @@ CVE-2016-8612 (Apache HTTP Server mod_cluster before version httpd 2.4.23 is vul
 	- libapache2-mod-cluster <itp> (bug #731410)
 CVE-2016-8611 (A vulnerability was found in Openstack Glance. No limits are enforced  ...)
 	- glance <unfixed> (unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/16
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/27/16
 CVE-2016-8610 (A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 thro ...)
 	{DSA-3773-1 DLA-814-1}
 	- openssl 1.0.2j-1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/24/3
 	NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384743 mentions countermeasures in gnutls
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/1ffb827e45721ef56982d0ffd5c5de52376c428e
@@ -7594,7 +7594,7 @@ CVE-2016-8596 (Buffer overflow in the csp_can_process_frame in csp_if_can.c in t
 	NOTE: https://github.com/GomSpace/libcsp/pull/81/commits/4435fbed4090ff3cd090a61517430fe8a3924cd8
 CVE-2016-8595 (The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1 ...)
 	- ffmpeg 7:3.1.5-1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/08/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/08/2
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/987690799dd86433bf98b897aaa4c8d93ade646d
 CVE-2016-8594
 	RESERVED
@@ -7604,7 +7604,7 @@ CVE-2016-8666 (The IP stack in the Linux kernel before 4.6 allows remote attacke
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/fac8e0f579695a3ecbc4d3cac369139d7f819971
 	NOTE: Introduced by: htttps://git.kernel.org/linus/bf5a755f5e9186406bbf50f4087100af5bd68e40
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/13/11
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/13/11
 CVE-2016-8660 (The XFS subsystem in the Linux kernel through 4.8.2 allows local users ...)
 	- linux <unfixed> (unimportant)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -7841,7 +7841,7 @@ CVE-2016-XXXX [dbus format string vulnerability]
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=98157
 	NOTE: Versions affected: dbus >= 1.4.0
 	NOTE: Fixed in: dbus >= 1.11.6, 1.10.x >= 1.10.12, 1.8.x >= 1.8.22
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/10/9
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/10/10/9
 	NOTE: In Debian CVE-2015-0245 was already fixed, and this issue is
 	NOTE: not believed to be exploitable in practice, because the relevant
 	NOTE: message is ignored unless it comes from the owner of the bus name
@@ -7882,7 +7882,7 @@ CVE-2016-8679 (The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in L
 	- dwarfutils 20161001-2 (bug #840958)
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	[wheezy] - dwarfutils <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/11
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/08/11
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2
 	NOTE: Same fix as CVE-2016-8681 but different issue
@@ -7890,7 +7890,7 @@ CVE-2016-8680 (The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwa
 	- dwarfutils 20161001-2 (bug #840960)
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	[wheezy] - dwarfutils <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/12
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/08/12
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2
 CVE-2016-8681 (The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20 ...)
 	- dwarfutils 20161001-2 (bug #840961)
@@ -7898,7 +7898,7 @@ CVE-2016-8681 (The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwa
 	[wheezy] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/13
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/08/13
 CVE-2016-8602 (The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 al ...)
 	{DSA-3691-1 DLA-674-1}
 	- ghostscript 9.19~dfsg-3.1 (bug #840451)
@@ -8149,29 +8149,29 @@ CVE-2016-7979 (Ghostscript before 9.21 might allow remote attackers to bypass th
 	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190
 	NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697190#c0
 	NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/19
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/05/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/05/19
 CVE-2016-7978 (Use-after-free vulnerability in Ghostscript 9.20 might allow remote at ...)
 	{DSA-3691-1 DLA-674-1}
 	- ghostscript 9.19~dfsg-3.1 (bug #839845)
 	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179
 	NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0
 	NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/05/7
 CVE-2016-7977 (Ghostscript before 9.21 might allow remote attackers to bypass the SAF ...)
 	{DSA-3691-1 DLA-674-1}
 	- ghostscript 9.19~dfsg-3.1 (high; bug #839841)
 	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169
-	NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/29/28
+	NOTE: Reproducer: https://www.openwall.com/lists/oss-security/2016/09/29/28
 	NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/05/7
 CVE-2016-7976 (The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attacker ...)
 	{DSA-3691-1 DLA-674-1}
 	- ghostscript 9.19~dfsg-3.1 (high; bug #839260)
 	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697178
-	NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/30/8
+	NOTE: Reproducer: https://www.openwall.com/lists/oss-security/2016/09/30/8
 	NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/05/7
 CVE-2016-1000247 [mpg123 memory overread]
 	{DLA-655-1}
 	- mpg123 1.23.8-1 (low; bug #838960)
@@ -8187,7 +8187,7 @@ CVE-2016-XXXX [nspr, nss: unprotected environment variables]
 	[wheezy] - nss 2:3.26-1+debu7u1
 	NOTE: Workaround entry for DSA-3688-1/DLA-677-1 until CVE is assigned
 	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22.1_release_notes
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/02/4
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/10/02/4
 CVE-2016-8390 (An exploitable out of bounds write vulnerability exists in the parsing ...)
 	NOT-FOR-US: Hopper Disassembler
 CVE-2016-8389 (An exploitable integer-overflow vulnerability exists within Iceni Argu ...)
@@ -8456,7 +8456,7 @@ CVE-2016-7553 (The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak pe
 	[jessie] - irssi 0.8.17-1+deb8u2
 	NOTE: Fixed by: https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
 	NOTE: https://irssi.org/2016/09/22/buf.pl-update/
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/24/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/24/1
 CVE-2016-1000242
 	RESERVED
 CVE-2016-1000241
@@ -8519,7 +8519,7 @@ CVE-2016-7466 (Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e
 	NOTE: The usb_xhci_exit and thus the patched code was introduced in:
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=53c30545fb34c43c84d62ea1c2b0dc6b53303c34 (v2.2.0-rc0)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/19/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/19/8
 CVE-2016-8280 (Directory traversal vulnerability in Huawei eSight before V300R003C20S ...)
 	NOT-FOR-US: Huawei eSight UMS
 CVE-2016-8279 (The video driver in Huawei Mate S smartphones with software CRR-TL00 b ...)
@@ -8647,7 +8647,7 @@ CVE-2016-7423 (The mptsas_process_scsi_io_request function in QEMU (aka Quick Em
 	- qemu-kvm <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376776
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/16/5
 	NOTE: LSI SAS1068 (mptsas) device support added in
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a (v2.6.0-rc0)
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5
@@ -8659,7 +8659,7 @@ CVE-2016-7422 (The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (ak
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376755
 	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7 (v2.6.0-rc0)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/16/4
 CVE-2016-7421 (The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU ...)
 	{DLA-1599-1}
 	- qemu 1:2.7+dfsg-1 (bug #838147)
@@ -8667,7 +8667,7 @@ CVE-2016-7421 (The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in
 	- qemu-kvm <not-affected> (Vulnerable code not present, introduced after 1.5)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03609.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376731
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/16/3
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=d251157ac1928191af851d199a9ff255d330bec9
 CVE-2016-8220 (Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x pri ...)
 	NOT-FOR-US: Pivotal
@@ -8716,7 +8716,7 @@ CVE-2016-7444 (The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in Gnu
 	NOTE: http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html
 	NOTE: Upstream fix: https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1374266
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/18/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/18/3
 CVE-2016-8200
 	RESERVED
 CVE-2016-8199
@@ -9326,7 +9326,7 @@ CVE-2016-7954 (Bundler 1.x might allow remote attackers to inject arbitrary Ruby
 	[stretch] - bundler <ignored> (Minor issue, too intrusive to backport)
 	[jessie] - bundler <ignored> (Minor issue, too intrusive to backport)
 	[wheezy] - bundler <no-dsa> (Minor issue, too intrusive to backport)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/10/04/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/10/04/5
 	NOTE: There is no plan from upstream to address this for bundler 1.x
 	NOTE: due to lockfile format.
 CVE-2016-7953 (Buffer underflow in X.org libXvMC before 1.0.10 allows remote X server ...)
@@ -10334,7 +10334,7 @@ CVE-2016-7543 (Bash before 4.4 allows local users to execute arbitrary commands
 	{DLA-680-1}
 	- bash 4.4-1
 	[jessie] - bash 4.3-11+deb8u1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/26/9
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/26/9
 	NOTE: Default shell is dash which is not vulnerable, but bash in Jessie and
 	NOTE: Wheezy are affected.
 	NOTE: Fixed by (4.3): https://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-048
@@ -11352,7 +11352,7 @@ CVE-2016-7405 (The qstr method in the PDO driver in the ADOdb Library for PHP be
 	NOTE: https://github.com/ADOdb/ADOdb/commit/bd9eca9
 	NOTE: Issue only with the PDO driver and only if queries built by inlining
 	NOTE: the quoted string (not recommended).
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/07/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/07/8
 CVE-2016-7154 (Use-after-free vulnerability in the FIFO event channel code in Xen 4.4 ...)
 	{DSA-3663-1}
 	- xen 4.6.0-1
@@ -11421,7 +11421,7 @@ CVE-2016-7155 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local gu
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373462
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/06/2
 	NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
 CVE-2016-7156 (The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (ak ...)
 	{DLA-1599-1}
@@ -11431,7 +11431,7 @@ CVE-2016-7156 (The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEM
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373478
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/06/3
 	NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
 CVE-2016-7157 (The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 func ...)
 	- qemu 1:2.6+dfsg-3.1 (bug #837603)
@@ -11441,7 +11441,7 @@ CVE-2016-7157 (The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: Upstream patches: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html
 	NOTE: Upstream patches: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/06/4
 	NOTE: Vulnerable code introduced after version 2.6: http://wiki.qemu.org/ChangeLog/2.6
 CVE-2016-7140 (Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in ...)
 	NOT-FOR-US: Plone
@@ -11465,20 +11465,20 @@ CVE-2016-7145 (The m_authenticate function in ircd/m_authenticate.c in nefarious
 	NOT-FOR-US: Nefarious 2
 CVE-2016-7144 (The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3 ...)
 	- unrealircd <itp> (bug #515130)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/04/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/04/3
 	NOTE: unrealircd reportedly vulnerable, and ircd-seven reportedly not vulnerable
 CVE-2016-7143 (The m_authenticate function in modules/m_sasl.c in Charybdis before 3. ...)
 	{DSA-3661-1}
 	- charybdis 3.5.3-1 (bug #836714)
 	[wheezy] - charybdis <no-dsa> (unsupported)
 	NOTE: charybdis patch: https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/04/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/04/3
 CVE-2016-7142 (The m_sasl module in InspIRCd before 2.0.23, when used with a service  ...)
 	{DSA-3662-1}
 	- inspircd 2.0.23-1 (bug #836706)
 	[wheezy] - inspircd <end-of-life> (not supported in Wheezy)
 	NOTE: http://www.inspircd.org/2016/09/03/v2023-released.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/04/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/04/3
 CVE-2016-7120
 	RESERVED
 CVE-2016-7134 (ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a l ...)
@@ -11486,14 +11486,14 @@ CVE-2016-7134 (ext/curl/interface.c in PHP 7.x before 7.0.10 does not work aroun
 	- php5 <not-affected> (Only affects PHP 7)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72674
 	NOTE: Fixed in 7.0.10
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/72dbb7f416160f490c4e9987040989a10ad431c7?w=1
 CVE-2016-7133 (Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabl ...)
 	- php7.0 7.0.10-1
 	- php5 <not-affected> (Only affects PHP 7)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72742
 	NOTE: Fixed in 7.0.10
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911?w=1
 CVE-2016-7132 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remo ...)
 	{DSA-3689-1 DLA-749-1}
@@ -11501,7 +11501,7 @@ CVE-2016-7132 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72799
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1
 	NOTE: 72790 and 72799 are associated with the same commit. Not all of the
 	NOTE: commit is about the pop issue in 72799.
@@ -11511,7 +11511,7 @@ CVE-2016-7131 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72790
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1
 	NOTE: Cf. as well https://bugs.php.net/bug.php?id=72799
 	NOTE: 72790 and 72799 are associated with the same commit. Not all of the
@@ -11522,7 +11522,7 @@ CVE-2016-7130 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP befor
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72750
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/698a691724c0a949295991e5df091ce16f899e02?w=1
 CVE-2016-7129 (The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5. ...)
 	{DSA-3689-1 DLA-749-1}
@@ -11530,7 +11530,7 @@ CVE-2016-7129 (The php_wddx_process_data function in ext/wddx/wddx.c in PHP befo
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72749
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1
 CVE-2016-7128 (The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before ...)
 	{DSA-3689-1 DLA-749-1}
@@ -11538,7 +11538,7 @@ CVE-2016-7128 (The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP b
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72627
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/6dbb1ee46b5f4725cc6519abf91e512a2a10dfed?w=1
 CVE-2016-7127 (The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and ...)
 	{DSA-3689-1}
@@ -11547,7 +11547,7 @@ CVE-2016-7127 (The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.2
 	- php5 5.6.26+dfsg-1 (unimportant)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72730
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/1bd103df00f49cf4d4ade2cfe3f456ac058a4eae?w=1
 CVE-2016-7126 (The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6. ...)
 	{DSA-3689-1}
@@ -11556,7 +11556,7 @@ CVE-2016-7126 (The imagetruecolortopalette function in ext/gd/gd.c in PHP before
 	- php5 5.6.26+dfsg-1 (unimportant)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72697
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1
 CVE-2016-7125 (ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips ...)
 	{DSA-3689-1 DLA-628-1}
@@ -11564,7 +11564,7 @@ CVE-2016-7125 (ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72681
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1
 	NOTE: Scope of CVE also includes the "The similar issue also exist in session php_binary
 	NOTE: handler" part of 72681.
@@ -11574,7 +11574,7 @@ CVE-2016-7124 (ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x befo
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72663
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
 	NOTE: https://github.com/php/php-src/commit/20ce2fe8e3c211a42fee05a461a5881be9a8790e?w=1
 CVE-2016-7123 (Cross-site request forgery (CSRF) vulnerability in the admin web inter ...)
 	- mailman 2.1.15-1
@@ -11602,34 +11602,34 @@ CVE-2016-10057 (Buffer overflow in the WriteGROUP4Image function in coders/tiff.
 	{DSA-3675-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10056 (Buffer overflow in the sixel_decode function in coders/sixel.c in Imag ...)
 	{DSA-3675-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10055 (Buffer overflow in the WritePDBImage function in coders/pdb.c in Image ...)
 	{DSA-3675-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10054 (Buffer overflow in the WriteMAPImage function in coders/map.c in Image ...)
 	{DSA-3675-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10053 (The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9 ...)
 	{DSA-3675-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836171)
 	[wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-7118 (fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image p ...)
 	{DLA-609-1}
 	- linux <not-affected>
 	NOTE: Bit of complicated tracking information. For jessie the affected version is not in any yet
 	NOTE: released version, thus should be n/a. wheezy OTOH, has already the issue in a released version. Issue then was fixed in 3.2.81-2 in DLA-609-1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/31/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/31/1
 CVE-2016-7116 (Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick E ...)
 	{DLA-1599-1 DLA-619-1 DLA-618-1}
 	- qemu 1:2.6+dfsg-3.1 (bug #836502)
@@ -12213,14 +12213,14 @@ CVE-2016-6889
 CVE-2016-6881 (The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1. ...)
 	- ffmpeg 7:3.1.3-1 (unimportant)
 	- libav <not-affected>
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/26/6
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/26/6
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/4770eac6
 	NOTE: Vulnerable code not present in any Libav version.
 CVE-2016-6902 (lshell 0.9.16 allows remote authenticated users to break out of a limi ...)
 	- lshell <removed> (bug #834949)
 	[wheezy] - lshell <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/ghantoos/lshell/issues/147
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/22/15
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/22/15
 	NOTE: As for 2016-08-23 https://github.com/ghantoos/lshell/issues/147#issuecomment-241366750 ist still
 	NOTE: as well under the scope of CVE-2016-6902, until "there is further vendor followup
 	NOTE: about issues/147" and possibly a new/additional CVE assignment.
@@ -12228,7 +12228,7 @@ CVE-2016-6903 (lshell 0.9.16 allows remote authenticated users to break out of a
 	- lshell <removed> (bug #834946)
 	[wheezy] - lshell <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/ghantoos/lshell/issues/149
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/22/15
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/22/15
 CVE-2016-6897 (Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_ ...)
 	- wordpress 4.6.1+dfsg-1 (bug #837090)
 	[jessie] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
@@ -12366,7 +12366,7 @@ CVE-2016-6866 (slock allows attackers to bypass the screen lock via vectors invo
 	{DLA-598-1}
 	- suckless-tools 41-1
 	[jessie] - suckless-tools 40-1+deb8u2
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/18/22
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/18/22
 	NOTE: http://s1m0n.dft-labs.eu/files/slock/
 	NOTE: Starting with 41-1 slock.c got patched to use PAM, cf. #739629
 	NOTE: and with the patch readpw(dpy, pws) is not called anymore, and
@@ -12441,7 +12441,7 @@ CVE-2016-6812 (The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x
 	NOT-FOR-US: Apache CXF
 CVE-2016-6811 (In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn use ...)
 	- hadoop <itp> (bug #793644)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/05/01/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/05/01/2
 CVE-2016-6810 (In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scri ...)
 	- activemq 5.14.2+dfsg-1 (unimportant)
 	NOTE: Admin console not enabled in the Debian package, see #702670
@@ -12526,7 +12526,7 @@ CVE-2016-10052 (Buffer overflow in the WriteProfile function in coders/jpeg.c in
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #834501)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9e187b73a8a1290bb0e1a1c878f8be1917aa8742
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-6792
 	RESERVED
 CVE-2016-6791 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
@@ -12790,7 +12790,7 @@ CVE-2016-10051 (Use-after-free vulnerability in the ReadPWPImage function in cod
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #834183)
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecc03a2518c2b7dd375fde3a040fdae0bdf6a521
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-6833 (Use-after-free vulnerability in the vmxnet3_io_bar0_write function in  ...)
 	{DLA-1497-1}
 	- qemu 1:2.6+dfsg-3.1 (bug #834904)
@@ -12799,7 +12799,7 @@ CVE-2016-6833 (Use-after-free vulnerability in the vmxnet3_io_bar0_write functio
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8
 	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/12/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/12/1
 CVE-2016-6834 (The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in  ...)
 	{DLA-1599-1}
 	- qemu 1:2.6+dfsg-3.1 (bug #834905)
@@ -12808,7 +12808,7 @@ CVE-2016-6834 (The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05
 	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/11/8
 CVE-2016-6835 (The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in  ...)
 	{DLA-1497-1}
 	- qemu 1:2.6+dfsg-3.1 (bug #835031)
@@ -12816,7 +12816,7 @@ CVE-2016-6835 (The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
 	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/11/7
 CVE-2016-6836 (The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka  ...)
 	{DLA-1599-1}
 	- qemu 1:2.6+dfsg-3.1 (bug #834944)
@@ -12825,7 +12825,7 @@ CVE-2016-6836 (The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
 	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1366369
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/11/5
 CVE-2016-6671 (The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2  ...)
 	- ffmpeg 7:3.1.2-1
 CVE-2016-6670 (Huawei S7700, S9300, S9700, and S12700 devices with software before V2 ...)
@@ -12943,30 +12943,30 @@ CVE-2016-10050 (Heap-based buffer overflow in the ReadRLEImage function in coder
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833744)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/73fb0aac5b958521e1511e179ecc0ad49f70ebaf
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10049 (Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageM ...)
 	{DSA-3652-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833743)
 	[wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29710
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10048 (Directory traversal vulnerability in magick/module.c in ImageMagick 6. ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.5.7+dfsg-1 (bug #833735)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10047 (Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMa ...)
 	{DSA-3652-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833732)
 	[wheezy] - imagemagick <not-affected> (Vulnerable code not present in version 6.7.7.10)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-10046 (Heap-based buffer overflow in the DrawImage function in magick/draw.c  ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833730)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/989f9f88ea6db09b99d25586e912c921c0da8d3f
-	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-6887 (The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not prop ...)
 	- matrixssl <removed>
 	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
@@ -13145,65 +13145,65 @@ CVE-2016-7514 (The ReadPSDChannelPixels function in coders/psd.c in ImageMagick
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6f1879d498bcc5cce12fe0c5decb8dbc0f608e5d
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e14fd0a2801f73bdc123baf4fbab97dec55919eb
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/280215b9936d145dd5ee91403738ccce1333cab1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7515 (The ReadRLEImage function in coders/rle.c in ImageMagick allows remote ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832461)
 	NOTE: https://bugs.launchpad.net/bugs/1533445
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7516 (The ReadVIFFImage function in coders/viff.c in ImageMagick allows remo ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
 	NOTE: https://bugs.launchpad.net/bugs/1533452
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/77
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7517 (The EncodeImage function in coders/pict.c in ImageMagick allows remote ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
 	NOTE: https://bugs.launchpad.net/bugs/1533449
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/80
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7518 (The ReadSUNImage function in coders/sun.c in ImageMagick allows remote ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
 	NOTE: https://bugs.launchpad.net/bugs/1533447
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/81
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7519 (The ReadRLEImage function in coders/rle.c in ImageMagick allows remote ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
 	NOTE: https://bugs.launchpad.net/bugs/1533445
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7520 (Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remot ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832469)
 	NOTE: https://bugs.launchpad.net/bugs/1537213
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/90
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7521 (Heap-based buffer overflow in coders/psd.c in ImageMagick allows remot ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832474)
 	NOTE: https://bugs.launchpad.net/bugs/1537418
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/92
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/30eec879c8b446b0ea9a3bb0da1a441cc8482bc4
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7522 (The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832475)
 	NOTE: https://bugs.launchpad.net/bugs/1537419
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/93
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4b1b9c0522628887195bad3a6723f7000b0c9a58
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7523 (coders/meta.c in ImageMagick allows remote attackers to cause a denial ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
 	NOTE: https://bugs.launchpad.net/bugs/1537420
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/94
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7524 (coders/meta.c in ImageMagick allows remote attackers to cause a denial ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
@@ -13216,7 +13216,7 @@ CVE-2016-7525 (Heap-based buffer overflow in coders/psd.c in ImageMagick allows
 	NOTE: https://bugs.launchpad.net/bugs/1537424
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/98
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5f16640725b1225e6337c62526e6577f0f88edb8
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7526 (coders/wpg.c in ImageMagick allows remote attackers to cause a denial  ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
@@ -13224,21 +13224,21 @@ CVE-2016-7526 (coders/wpg.c in ImageMagick allows remote attackers to cause a de
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/102
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7527 (coders/wpg.c in ImageMagick allows remote attackers to cause a denial  ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
 	NOTE: https://bugs.launchpad.net/bugs/1542115
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/122
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7528 (The ReadVIFFImage function in coders/viff.c in ImageMagick allows remo ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832483)
 	NOTE: https://bugs.launchpad.net/bugs/1537425
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/99
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ca0c886abd6d3ef335eb74150cd23b89ebd17135
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7529 (coders/xcf.c in ImageMagick allows remote attackers to cause a denial  ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832504)
@@ -13247,7 +13247,7 @@ CVE-2016-7529 (coders/xcf.c in ImageMagick allows remote attackers to cause a de
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/104
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/103
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a2e1064f288a353bc5fef7f79ccb7683759e775c
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7530 (The quantum handling code in ImageMagick allows remote attackers to ca ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832506)
@@ -13258,74 +13258,74 @@ CVE-2016-7530 (The quantum handling code in ImageMagick allows remote attackers
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/110
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7531 (MagickCore/memory.c in ImageMagick allows remote attackers to cause a  ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832633)
 	NOTE: https://bugs.launchpad.net/bugs/1539061
 	NOTE: https://bugs.launchpad.net/bugs/1542112
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/107
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7532 (coders/psd.c in ImageMagick allows remote attackers to cause a denial  ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832776)
 	NOTE: https://bugs.launchpad.net/bugs/1539066
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/109
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7533 (The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832780)
 	NOTE: https://bugs.launchpad.net/bugs/1542114
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/120
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bef1e4f637d8f665bc133a9c6d30df08d983bc3a
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7534 (The generic decoder in ImageMagick allows remote attackers to cause a  ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832785)
 	NOTE: https://bugs.launchpad.net/bugs/1542785
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/126
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7535 (coders/psd.c in ImageMagick allows remote attackers to cause a denial  ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832787)
 	NOTE: https://bugs.launchpad.net/bugs/1545180
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/128
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7536 (magick/profile.c in ImageMagick allows remote attackers to cause a den ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832789)
 	NOTE: https://bugs.launchpad.net/bugs/1545367
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/130
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7537 (MagickCore/memory.c in ImageMagick allows remote attackers to cause a  ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832791)
 	NOTE: https://bugs.launchpad.net/bugs/1553366
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/143
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7538 (coders/psd.c in ImageMagick allows remote attackers to cause a denial  ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832793)
 	NOTE: https://bugs.launchpad.net/bugs/1556273
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/148
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/53c1dcd34bed85181b901bfce1a2322f85a59472
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7539 (Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows rem ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833101)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-7540 (coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to ...)
 	{DSA-3652-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #827643)
 	[wheezy] - imagemagick <not-affected> (RGF coder is not present in version 6.7.7.10)
 	NOTE: https://bugs.launchpad.net/bugs/1594060
 	NOTE: https://github.com/ImageMagick/ImageMagick/pull/223
-	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
 CVE-2016-6603 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypas ...)
 	NOT-FOR-US: ZOHO WebNMS
 CVE-2016-6602 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm ...)
@@ -13564,7 +13564,7 @@ CVE-2016-6494 (The client in MongoDB uses world-readable permissions on .dbshell
 	{DLA-588-1}
 	- mongodb 1:2.6.12-3 (bug #832908)
 	[jessie] - mongodb 1:2.4.10-5+deb8u1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/29/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/29/4
 CVE-2016-6491 (Buffer overflow in the Get8BIMProperty function in MagickCore/property ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833099)
@@ -13576,7 +13576,7 @@ CVE-2016-6489 (The RSA and DSA decryption code in Nettle makes it easier for att
 	NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003093.html
 	NOTE: https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3
 	NOTE: Original patch had some unintended side effects: https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003104.html
-	NOTE: Cf. http://www.openwall.com/lists/oss-security/2016/07/30/2
+	NOTE: Cf. https://www.openwall.com/lists/oss-security/2016/07/30/2
 	NOTE: Additionally needed: https://git.lysator.liu.se/nettle/nettle/commit/52b9223126b3f997c00d399166c006ae28669068
 	NOTE: GnuTLS needs an update when/before src:nettle is fixed to continue working with patched src:nettle for CVE-2016-6489
 	NOTE: but not a vulnerability in GnuTLS. Needs https://gitlab.com/gnutls/gnutls/commit/186dc9c2012003587a38d7f4d03edd8da5fe989f
@@ -13592,7 +13592,7 @@ CVE-2016-6513 (epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshar
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-49.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12663
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=347f071f1b9180563c28b0f3d0627b91eb456c72
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
 CVE-2016-6512 (epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an ov ...)
 	- wireshark 2.0.5+ga3be9c6-1
 	[jessie] - wireshark <not-affected> (Only affects 2.x)
@@ -13601,7 +13601,7 @@ CVE-2016-6512 (epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-48.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12661
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2193bea3212d74e2a907152055e27d409b59485e
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
 CVE-2016-6511 (epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 a ...)
 	{DSA-3648-1 DLA-595-1}
 	- wireshark 2.0.5+ga3be9c6-1
@@ -13609,7 +13609,7 @@ CVE-2016-6511 (epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-47.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12659
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=56706427f53cc64793870bf072c2c06248ae88f3
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
 CVE-2016-6510 (Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector  ...)
 	{DSA-3648-1 DLA-595-1}
 	- wireshark 2.0.5+ga3be9c6-1
@@ -13617,7 +13617,7 @@ CVE-2016-6510 (Off-by-one error in epan/dissectors/packet-rlc.c in the RLC disse
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-46.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12664
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47a5fa850b388fcf4ea762073806f01b459820fe
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
 CVE-2016-6509 (epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12. ...)
 	{DSA-3648-1 DLA-595-1}
 	- wireshark 2.0.5+ga3be9c6-1
@@ -13625,7 +13625,7 @@ CVE-2016-6509 (epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-45.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12662
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5a469ddc893f7c1912d0e15cc73bd3011e6cc2fb
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
 CVE-2016-6508 (epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x  ...)
 	{DSA-3648-1 DLA-595-1}
 	- wireshark 2.0.5+ga3be9c6-1
@@ -13633,7 +13633,7 @@ CVE-2016-6508 (epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12660
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6cf9616df68a4db7e436bb77392586ff9ad84feb
 	NOTE: Affects  2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
 CVE-2016-6507 (epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12. ...)
 	{DSA-3648-1 DLA-595-1}
 	- wireshark 2.0
@@ -13642,7 +13642,7 @@ CVE-2016-6507 (epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b5a10743258bd016c07ebf6479137fda3d172a0f
 	NOTE: Affects 1.12.0 to 1.12.12, fixed 1.12.13
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
 CVE-2016-6506 (epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x  ...)
 	{DSA-3648-1 DLA-595-1}
 	- wireshark 2.0.5+ga3be9c6-1
@@ -13650,7 +13650,7 @@ CVE-2016-6506 (epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12594
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a9d5256890c9189c7461bfce6ed6edce5d861499
 	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12 , fixed in 2.0.5, 1.12.13
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
 CVE-2016-6505 (epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wiresha ...)
 	{DSA-3648-1 DLA-595-1}
 	- wireshark 2.0.5+ga3be9c6-1
@@ -13658,7 +13658,7 @@ CVE-2016-6505 (epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wi
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94e97e45cf614c7bb8fe90c23df52910246b2c95
 	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
 CVE-2016-6504 (epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1 ...)
 	{DSA-3648-1 DLA-595-1}
 	- wireshark 2.0
@@ -13667,13 +13667,13 @@ CVE-2016-6504 (epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wiresh
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12576
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9eacbb4d48df647648127b9258f9e5aeeb0c7d99
 	NOTE: Affects 1.12.0 to 1.12.12, fixed in 1.12.13.
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
 CVE-2016-6503 (The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windo ...)
 	- wireshark <not-affected> (Only affects Wireshark on Windows)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-39.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
 CVE-2016-6490 (The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Qui ...)
 	- qemu 1:2.6+dfsg-3.1 (bug #832767)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
@@ -14163,13 +14163,13 @@ CVE-2016-6351 (The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emula
 	- qemu-kvm <removed>
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11 (v2.7.0-rc0)
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3 (v2.7.0-rc0)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/25/14
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/25/14
 	NOTE: According to maintainer the fix relies on the fix for CVE-2016-4439
 CVE-2016-6350 (OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (N ...)
 	NOT-FOR-US: OpenBSD
 CVE-2016-6349 (The machinectl command in oci-register-machine allows local users to l ...)
 	NOT-FOR-US: oci-register-machine
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/26/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/26/5
 	NOTE: Requirement is that docker containers would register themselves to
 	NOTE: to systemd-machined by oci-register-machine (not packaged in Debian,
 	NOTE: and https://github.com/projectatomic/docker/commit/a307e90141ba31b378bc31bb7720ed141f47cd9b
@@ -14541,11 +14541,11 @@ CVE-2016-6263 (The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libi
 	- libidn 1.33-1
 	NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
 	NOTE: Test / Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555 (libidn-1-33)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/20/6
 CVE-2016-6262 (idn in libidn before 1.33 might allow remote attackers to obtain sensi ...)
 	- libidn <not-affected> (Incomplete fix for CVE-2015-8948 not applied)
 	NOTE: Follow-up fix for CVE-2015-8948: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60 (libidn-1-33)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/20/6
 CVE-2016-6261 (The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allo ...)
 	{DSA-3658-1 DLA-582-1}
 	- libidn 1.33-1
@@ -14553,7 +14553,7 @@ CVE-2016-6261 (The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33
 	NOTE: Test: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=9a1a7e15d0706634971364493fbb06e77e74726c (libidn-1-33)
 	NOTE: Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d (libidn-1-33)
 	NOTE: Follow-up memory leak fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=11abd0e02c16f9e0b6944aea4ef0f2df44b42dd4 (libidn-1-33)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/20/6
 CVE-2016-6249 (F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout durin ...)
 	NOT-FOR-US: F5
 CVE-2016-1000037 (Pagure: XSS possible in file attachment endpoint ...)
@@ -14577,7 +14577,7 @@ CVE-2016-6250 (Integer overflow in the ISO9660 writer in libarchive before 3.2.1
 	- libarchive 3.2.1-1 (low)
 	NOTE: https://github.com/libarchive/libarchive/issues/711
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3014e19820ea53c15c90f9d447ca3e668a0b76c6 (v3.2.1)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/20/1
 CVE-2016-6252 (Integer overflow in shadow 4.2.1 allows local users to gain privileges ...)
 	{DSA-3793-1}
 	- shadow 1:4.4-1 (bug #832170)
@@ -14682,7 +14682,7 @@ CVE-2016-6255 (Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attac
 	- libupnp 1:1.6.19+git20160116-1.1 (bug #831857)
 	NOTE: https://twitter.com/mjg59/status/755062278513319936
 	NOTE: Proposed fix: https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/18/13
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/18/13
 CVE-2016-6233 (The (1) order and (2) group methods in Zend_Db_Select in the Zend Fram ...)
 	- zendframework 1.12.19+dfsg-1
 	[jessie] - zendframework <not-affected> (introduced after 1.12.9)
@@ -14810,12 +14810,12 @@ CVE-2016-6905 (The read_image_tga function in gd_tga.c in the GD Graphics Librar
 	NOTE: https://github.com/libgd/libgd/commit/5a3f19e962b507560c9206965087db4dc0ad107f
 	NOTE: Fixed by: https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186
 	NOTE: followed by: https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/12/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/12/4
 CVE-2016-6352 (The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows  ...)
 	{DLA-2043-1}
 	- gdk-pixbuf 2.35.4-1 (bug #832496)
 	[wheezy] - gdk-pixbuf <not-affected> (Fails with ENOMEM, no crash)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/11
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/11
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769170
 	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599
 CVE-2016-6224 (ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap  ...)
@@ -14823,7 +14823,7 @@ CVE-2016-6224 (ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted
 	NOTE: Actually due to an incomplete fix of LP#1447282
 	NOTE: https://launchpad.net/bugs/1597154
 	NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/2
 CVE-2016-6214 (gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows re ...)
 	{DSA-3619-1}
 	- libgd2 2.2.2-29-g3c2b605-1
@@ -14831,12 +14831,12 @@ CVE-2016-6214 (gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allo
 	NOTE: https://github.com/libgd/libgd/issues/247#issuecomment-232084241
 	NOTE: https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7
 	NOTE: Different issue than CVE-2016-6132
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/5
 CVE-2016-6223 (The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in  ...)
 	{DSA-3762-1 DLA-693-1 DLA-610-1}
 	- tiff 4.0.6-2 (bug #842270)
 	- tiff3 <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/3
 	NOTE: Upstream patch: https://github.com/vadz/libtiff/commit/0ba5d8814a17a64bdb8d9035f4c533f3f3f4b496
 CVE-2016-1000023
 	REJECTED
@@ -14894,7 +14894,7 @@ CVE-2016-6187 (The apparmor_setprocattr function in security/apparmor/lsm.c in t
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Introduced by: https://git.kernel.org/linus/bb646cdb12e75d82258c2f2e7746d5952d3e321a (v4.5-rc1)
 	NOTE: Fixed by: https://git.kernel.org/linus/30a46a4647fd1df9cf52e43bf467f0d9265096ca (v4.7-rc7)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/09/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/09/1
 CVE-2016-XXXX [GNUTLS-SA-2016-2: certificate verification issue]
 	- gnutls28 3.4.14-1 (unimportant)
 	NOTE: http://gnutls.org/security.html#GNUTLS-SA-2016-2
@@ -15835,13 +15835,13 @@ CVE-2016-5844 (Integer overflow in the ISO parser in libarchive before 3.2.1 all
 CVE-2016-5842 (MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote atta ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #831034)
-	NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
+	NOTE: Details: https://www.openwall.com/lists/oss-security/2016/06/23/1
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
 	NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5842.jpg
 CVE-2016-5841 (Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #831034)
-	NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
+	NOTE: Details: https://www.openwall.com/lists/oss-security/2016/06/23/1
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
 	NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5841.jpg
 CVE-2016-5829 (Multiple heap-based buffer overflows in the hiddev_ioctl_usage functio ...)
@@ -15889,7 +15889,7 @@ CVE-2016-5824 (libical 1.0 allows remote attackers to cause a denial of service
 	NOTE: Related upstream ticket: https://github.com/libical/libical/issues/251
 	NOTE: Whilst the upstream commits in issues/251 fix the issue of #251 itself
 	NOTE: they do not fix the bugzilla.mozilla.org case 1275400 which was assigned
-	NOTE: in http://www.openwall.com/lists/oss-security/2016/06/25/4
+	NOTE: in https://www.openwall.com/lists/oss-security/2016/06/25/4
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2016-5824
 	NOTE: thunderbird uses embedded libical copy
 CVE-2016-5823 (The icalproperty_new_clone function in libical 0.47 and 1.0 allows rem ...)
@@ -16045,7 +16045,7 @@ CVE-2016-5742 (SQL injection vulnerability in the XML-RPC interface in Movable T
 	{DLA-532-1}
 	- movabletype-opensource <removed>
 	NOTE: https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/06/22/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/06/22/3
 	NOTE: https://github.com/movabletype/movabletype/commit/42113544e7d8ebf6064b7b01b921734b667a1682
 CVE-2016-5737 (The Gerrit configuration in the Openstack Puppet module for Gerrit (ak ...)
 	NOT-FOR-US: Openstack-infra puppet-gerrit module
@@ -16856,7 +16856,7 @@ CVE-2016-6211 (The User module in Drupal 7.x before 7.44 allows remote authentic
 	{DSA-3604-1 DLA-550-1}
 	- drupal7 7.44-1
 	NOTE: https://www.drupal.org/SA-CORE-2016-002
-	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/4
 	NOTE: https://gist.github.com/lamby/4697fea399f3f01ca6de3ce9ed79fce7 tarball diff
 	NOTE: https://gist.github.com/lamby/dbeda4d49f48a32aa0dd4b3ed7f06a13 filtered diff
 CVE-2016-5636 (Integer overflow in the get_data function in zipimport.c in CPython (a ...)
@@ -17197,7 +17197,7 @@ CVE-2016-5339
 	RESERVED
 CVE-2016-5361 (programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial ...)
 	- libreswan <not-affected> (Fixed before initial upload to Debian)
-	NOTE: Possibly the CVE should be rejected: http://www.openwall.com/lists/oss-security/2016/06/13/1
+	NOTE: Possibly the CVE should be rejected: https://www.openwall.com/lists/oss-security/2016/06/13/1
 	NOTE: MITRE has not assigned the CVE to the protocol flaw, but specific to libreswan, but as
 	NOTE: Huzaifa Sidhpurwala <huzaifas@redhat.com> pointed out that is not a libreswan issue, rather
 	NOTE: the protocol is flawed.
@@ -17638,7 +17638,7 @@ CVE-2016-4456 (The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 all
 	- gnutls28 3.4.13-1
 	[jessie] - gnutls28 <not-affected> (Introduced in 3.4.12)
 	NOTE: http://gnutls.org/security.html#GNUTLS-SA-2016-1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/06/07/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/06/07/2
 CVE-2016-1000002 (gdm3 3.14.2 and possibly later has an information leak before screen l ...)
 	- gdm3 <unfixed> (low; bug #849432)
 	[buster] - gdm3 <ignored> (Minor issue)
@@ -17717,7 +17717,7 @@ CVE-2016-XXXX [doesn't remove metadata in embedded images in PDFs]
 	NOTE: Workaround entry for DLA-650-1/DSA-3708-1 until/if CVE is assigned
 	NOTE: https://0xacab.org/mat/mat/issues/11067
 	NOTE: Patch in 0.6.1-3 disabled PDF support
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/06/02/5
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/06/02/5
 CVE-2016-5239 (The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and G ...)
 	{DSA-3580-1 DLA-1456-1 DLA-486-1 DLA-484-1}
 	- graphicsmagick 1.3.24-1
@@ -18042,7 +18042,7 @@ CVE-2016-5157 (Heap-based buffer overflow in the opj_dwt_interleave_v function i
 	[jessie] - openjpeg2 2.1.0-2+deb8u3
 	- chromium-browser 53.0.2785.89-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/08/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/08/8
 	NOTE: https://github.com/uclouvain/openjpeg/pull/823
 CVE-2016-5156 (extensions/renderer/event_bindings.cc in the event bindings in Google  ...)
 	{DSA-3660-1}
@@ -18208,7 +18208,7 @@ CVE-2016-5126 (Heap-based buffer overflow in the iscsi_aio_ioctl function in blo
 	NOTE: https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a6b3167fa0e825aebb5a7cd8b437b6d41584a196
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1340924
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/30/6
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/30/6
 CVE-2016-XXXX [CSRF protection for POST requests]
 	- postfixadmin 2.93-2 (bug #825151)
 	[jessie] - postfixadmin <no-dsa> (Minor issue)
@@ -18221,7 +18221,7 @@ CVE-2016-5118 (The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 a
 	- imagemagick 8:6.8.9.9-7.1 (bug #825799)
 	- graphicsmagick 1.3.24-1 (bug #825800)
 	NOTE: fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ae3928faa858
-	NOTE: patch available at http://www.openwall.com/lists/oss-security/2016/05/29/7
+	NOTE: patch available at https://www.openwall.com/lists/oss-security/2016/05/29/7
 CVE-2016-5116 (gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used  ...)
 	{DSA-3619-1}
 	- libgd2 2.2.1-1
@@ -18232,7 +18232,7 @@ CVE-2016-5116 (gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as
 	- php5 <removed> (unimportant)
 	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72115
 	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/29/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/29/3
 CVE-2016-5115 (The avcodec_decode_audio4 function in libavcodec in libavformat 57.34. ...)
 	- libav <removed> (low)
 	[jessie] - libav <no-dsa> (Minor issue)
@@ -18277,7 +18277,7 @@ CVE-2016-5108 (Buffer overflow in the DecodeAdpcmImaQT function in modules/codec
 	{DSA-3598-1}
 	- vlc 2.2.3-2 (bug #825728)
 	[wheezy] - vlc <end-of-life> (Unsupported in wheezy-lts)
-	NOTE: Details: http://www.openwall.com/lists/oss-security/2016/05/27/3
+	NOTE: Details: https://www.openwall.com/lists/oss-security/2016/05/27/3
 	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=458ed62bbeb9d1bddf7b8df104e14936408a3db9
 CVE-2016-5090
 	RESERVED
@@ -18618,33 +18618,33 @@ CVE-2016-4552 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail bef
 	[wheezy] - roundcube <not-affected> (vulnerable code not present)
 	NOTE: https://github.com/roundcube/roundcubemail/issues/5240
 	NOTE: https://github.com/roundcube/roundcubemail/pull/5241
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/8
 CVE-2016-5096 (Integer overflow in the fread function in ext/standard/file.c in PHP b ...)
 	{DSA-3602-1 DLA-533-1}
 	- php5 5.6.22+dfsg-1
 	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72114
 	NOTE: Fixed in 5.6.22, 5.5.36
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/3
 CVE-2016-5095 (Integer overflow in the php_escape_html_entities_ex function in ext/st ...)
 	{DSA-3602-1 DLA-533-1}
 	- php5 5.6.22+dfsg-1
 	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135
 	NOTE: Fixed in 5.6.22, 5.5.36
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/3
 	NOTE: For the additional issue reported in the "[2016-05-17 12:55 UTC]" comment
 CVE-2016-5094 (Integer overflow in the php_html_entities function in ext/standard/htm ...)
 	{DSA-3602-1 DLA-533-1}
 	- php5 5.6.22+dfsg-1
 	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135
 	NOTE: Fixed in 5.6.22, 5.5.36
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/3
 CVE-2016-5093 (The get_icu_value_internal function in ext/intl/locale/locale_methods. ...)
 	{DSA-3602-1 DLA-533-1}
 	- php7.0 7.0.7-1
 	- php5 5.6.22+dfsg-1
 	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72241
 	NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/3
 CVE-2016-5091 (Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allo ...)
 	- typo3-src <removed>
 	[wheezy] - typo3-src <end-of-life> (Not supported in Wheezy LTS)
@@ -18794,7 +18794,7 @@ CVE-2016-5117 (OpenNTPD before 6.0p1 does not validate the CN for HTTPS constrai
 	- openntpd 1:6.0p1-1 (bug #825856; unimportant)
 	[jessie] - openntpd <not-affected> (Vulnerable code introduced later)
 	[wheezy] - openntpd <not-affected> (Vulnerable code introduced later)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/23/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/23/2
 	NOTE: Authenticated TLS "contraints" introduced in 2015-03-24 OpenNTPD 5.7p4
 	NOTE: Option is not enabled at buildtime.
 CVE-2016-4964 (The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Qu ...)
@@ -19258,7 +19258,7 @@ CVE-2016-4762 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, i
 	NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4761 (WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow rem ...)
 	- webkitgtk <removed> (unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/14
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/04/14
 	NOTE: Not covered by security support
 CVE-2016-4760 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Sa ...)
 	NOT-FOR-US: Webkit as used by Apple
@@ -19721,14 +19721,14 @@ CVE-2016-4567 (Cross-site scripting (XSS) vulnerability in flash/FlashMediaEleme
 	NOTE: Fixed by: https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e
 	NOTE: Vulnerable code present, but Flash Player disabled in Debian
 	NOTE: See 0004-Deactivate-Flash-and-Silverlight.patch
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/07/2
 CVE-2016-4566 (Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plup ...)
 	- wordpress 4.5.2+dfsg-1 (bug #823640)
 	[jessie] - wordpress <not-affected> (Vulnerable code not present)
 	[wheezy] - wordpress <not-affected> (Vulnerable code not present)
 	NOTE: https://wordpress.org/news/2016/05/wordpress-4-5-2/
 	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37382
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/07/2
 CVE-2016-4568 (drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4. ...)
 	- linux 4.5.3-1
 	[jessie] - linux <not-affected> (Vulnerable code introduced in 4.4)
@@ -19753,7 +19753,7 @@ CVE-2016-4561 (Cross-site scripting (XSS) vulnerability in the cgierror function
 	{DSA-3571-1 DLA-463-1}
 	- ikiwiki 3.20160506
 	NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/06/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/06/8
 CVE-2016-4547 (Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow atta ...)
 	NOT-FOR-US: Samsung Android component
 CVE-2016-4546 (Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users t ...)
@@ -19762,13 +19762,13 @@ CVE-2016-4570 (The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and poss
 	{DLA-1641-1}
 	- mxml 2.9-1 (bug #825855)
 	[wheezy] - mxml <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/07/8
 	NOTE: https://github.com/michaelrsweet/mxml/commit/d8c0ba900728d47523d76ba4acf33176cd04647c
 CVE-2016-4571 (The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and poss ...)
 	{DLA-1641-1}
 	- mxml 2.9-2 (bug #825855)
 	[wheezy] - mxml <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/07/8
 	NOTE: https://github.com/michaelrsweet/mxml/commit/5f74dc212497332d05882660db130a37d2f458eb
 CVE-2016-4558 (The BPF subsystem in the Linux kernel before 4.5.5 mishandles referenc ...)
 	- linux 4.5.3-1
@@ -19785,7 +19785,7 @@ CVE-2016-4557 (The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c
 	NOTE: Fixed by: https://git.kernel.org/linus/8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7 (v4.6-rc6)
 	NOTE: Introduced by: https://git.kernel.org/linus/0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (v3.18-rc1)
 	NOTE: Exploitable since: https://git.kernel.org/linus/1be7f75d1668d6296b80bf35dcf6762393530afc (v4.4-rc1)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/06/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/06/4
 CVE-2016-4556 (Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x ...)
 	{DSA-3625-1 DLA-478-1}
 	- squid3 3.5.19-1 (bug #823968)
@@ -19997,7 +19997,7 @@ CVE-2016-4539 (The xml_parse_into_struct function in ext/xml/xml.c in PHP before
 	NOTE: https://bugs.php.net/bug.php?id=72099
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=dccda88f27a084bcbbb30198ace12b4e7ae961cc
 	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
 	NOTE: HHVM fix: https://github.com/facebook/hhvm/commit/7290b3bbcaa1e10a8d807fab3242204e9ec3a015
 CVE-2016-4537 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6 ...)
 	{DSA-3602-1 DLA-499-1}
@@ -20006,7 +20006,7 @@ CVE-2016-4537 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35
 	NOTE: https://bugs.php.net/bug.php?id=72093
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=d650063a0457aec56364e4005a636dc6c401f9cd
 	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
 CVE-2016-4538 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6 ...)
 	{DSA-3602-1 DLA-628-1}
 	- php7.0 7.0.6-1
@@ -20014,7 +20014,7 @@ CVE-2016-4538 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35
 	NOTE: https://bugs.php.net/bug.php?id=72093
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=d650063a0457aec56364e4005a636dc6c401f9cd
 	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
 CVE-2016-4540 (The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c i ...)
 	{DSA-3602-1 DLA-499-1}
 	- php7.0 7.0.6-1
@@ -20022,7 +20022,7 @@ CVE-2016-4540 (The grapheme_stripos function in ext/intl/grapheme/grapheme_strin
 	NOTE: https://bugs.php.net/bug.php?id=72061
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=fd9689745c44341b1bd6af4756f324be8abba2fb
 	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
 CVE-2016-4541 (The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in ...)
 	{DSA-3602-1 DLA-499-1}
 	- php7.0 7.0.6-1
@@ -20030,7 +20030,7 @@ CVE-2016-4541 (The grapheme_strpos function in ext/intl/grapheme/grapheme_string
 	NOTE: https://bugs.php.net/bug.php?id=72061
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=fd9689745c44341b1bd6af4756f324be8abba2fb
 	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
 CVE-2016-4542 (The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5 ...)
 	{DSA-3602-1 DLA-499-1}
 	- php7.0 7.0.6-1
@@ -20038,7 +20038,7 @@ CVE-2016-4542 (The exif_process_IFD_TAG function in ext/exif/exif.c in PHP befor
 	NOTE: https://bugs.php.net/bug.php?id=72094
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
 	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
 CVE-2016-4543 (The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before ...)
 	{DSA-3602-1 DLA-499-1}
 	- php7.0 7.0.6-1
@@ -20046,7 +20046,7 @@ CVE-2016-4543 (The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP b
 	NOTE: https://bugs.php.net/bug.php?id=72094
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
 	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
 CVE-2016-4544 (The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP befor ...)
 	{DSA-3602-1 DLA-499-1}
 	- php7.0 7.0.6-1
@@ -20054,7 +20054,7 @@ CVE-2016-4544 (The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP
 	NOTE: https://bugs.php.net/bug.php?id=72094
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
 	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
 CVE-2016-4536 (The client in OpenAFS before 1.6.17 does not properly initialize the ( ...)
 	{DLA-493-1}
 	- openafs 1.6.17-1
@@ -20258,12 +20258,12 @@ CVE-2016-4423 (The attemptAuthentication function in Component/Security/Http/Fir
 	NOTE: https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
 CVE-2016-XXXX [XSS]
 	- dotclear <removed>
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/05/04/9
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/05/04/9
 CVE-2016-4482 (The proc_connectinfo function in drivers/usb/core/devio.c in the Linux ...)
 	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.5-1
 	NOTE: http://www.spinics.net/lists/linux-usb/msg140243.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/04/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/04/2
 	NOTE: Fixed by: https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee
 CVE-2016-4483 (The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 all ...)
 	{DSA-3593-1 DLA-503-1}
@@ -20404,19 +20404,19 @@ CVE-2016-4478 (Buffer overflow in the xmlrpc_char_encode function in modules/tra
 	{DSA-3586-1}
 	- atheme-services 7.0.7-2
 	NOTE: https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/02/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/02/2
 CVE-2016-4425 (Jansson 2.7 and earlier allows context-dependent attackers to cause a  ...)
 	{DSA-3577-1 DLA-471-1}
 	- jansson 2.7-5 (bug #823238)
 	NOTE: https://github.com/akheron/jansson/issues/282
 	NOTE: https://github.com/akheron/jansson/pull/284
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/01/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/01/5
 CVE-2016-4422 (The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth mi ...)
 	{DSA-3567-1}
 	- libpam-sshauth 0.4.1-2
 	NOTE: Introduced in: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/93/src/pam_sshauth.c
 	NOTE: Fixed in: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/114
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/01/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/01/2
 CVE-2016-4414 (The onReadyRead function in core/coreauthhandler.cpp in Quassel before ...)
 	- quassel 1:0.12.4-2 (bug #826402)
 	[jessie] - quassel 1:0.10.0-2.3+deb8u3
@@ -20424,7 +20424,7 @@ CVE-2016-4414 (The onReadyRead function in core/coreauthhandler.cpp in Quassel b
 	NOTE: https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100
 	NOTE: Introduced by: https://github.com/quassel/quassel/commit/d1bf207 (0.10.0)
 	NOTE: Fixed by: https://github.com/quassel/quassel/commit/e67887343c433cc35bc26ad6a9392588f427e746 (0.12.4)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/30/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/30/2
 CVE-2016-4349 (Untrusted search path vulnerability in Cisco WebEx Productivity Tools  ...)
 	NOT-FOR-US: Cisco
 CVE-2016-4352 (Integer overflow in the demuxer function in libmpdemux/demux_gif.c in  ...)
@@ -20434,7 +20434,7 @@ CVE-2016-4352 (Integer overflow in the demuxer function in libmpdemux/demux_gif.
 	[jessie] - mplayer2 <no-dsa> (Minor issue)
 	NOTE: https://trac.mplayerhq.hu/ticket/2295
 	NOTE: Fixed in Revision r37857 upstream
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/3
 CVE-2016-4341 (NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to  ...)
 	NOT-FOR-US: NetApp
 CVE-2016-4339
@@ -21020,7 +21020,7 @@ CVE-2016-4074 (The jv_dump_term function in jq 1.5 allows remote attackers to ca
 	- jq 1.5+dfsg-1.1 (low; bug #822456)
 	[jessie] - jq 1.4-2.1+deb8u1
 	NOTE: https://github.com/stedolan/jq/issues/1136
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/24/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/24/3
 CVE-2016-4069 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail b ...)
 	{DLA-613-1}
 	- roundcube 1.1.5+dfsg.1-1 (bug #822333)
@@ -21028,7 +21028,7 @@ CVE-2016-4069 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webm
 	NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
 	NOTE: https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5
 	NOTE: https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53 (release-1.1)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/23/3
 CVE-2016-4068 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...)
 	{DLA-537-1}
 	- roundcube 1.2.1+dfsg.1-1
@@ -21175,7 +21175,7 @@ CVE-2016-3955 (The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c
 	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.2-1
 	NOTE: Upstream commit: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/19/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/19/1
 CVE-2016-4038 (Array index error in the msm_sensor_config function in kernel/SM-G9008 ...)
 	NOT-FOR-US: Samsung Android driver
 CVE-2016-4035
@@ -21196,7 +21196,7 @@ CVE-2016-4037 (The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allo
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325129
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/18/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/18/3
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=1ae3f2f178087711f9591350abad133525ba93f2 (v2.6.0-rc3)
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a49923d2837d20510d645d3758f1ad87c32d0730 (v2.6.0-rc3)
 CVE-2016-4030 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005 ...)
@@ -21258,7 +21258,7 @@ CVE-2016-4024 (Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allow
 	{DSA-3555-1}
 	- imlib2 1.4.8-1 (bug #821732)
 	NOTE: Upstream fix: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/14/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/14/5
 CVE-2016-4005 (The Huawei Hilink App application before 3.19.2 for Android does not v ...)
 	NOT-FOR-US: Huawei
 CVE-2016-4004 (Directory traversal vulnerability in Dell OpenManage Server Administra ...)
@@ -21272,7 +21272,7 @@ CVE-2016-4020 (The patch_instruction function in hw/i386/kvmvapic.c in QEMU does
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1313686
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/13/6
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/13/6
 CVE-2016-4000 (Jython before 2.7.1rc1 allows attackers to execute arbitrary code via  ...)
 	{DSA-3893-1 DLA-989-1}
 	- jython 2.5.3-17 (bug #864859)
@@ -21287,7 +21287,7 @@ CVE-2016-3997 (NetApp Clustered Data ONTAP allows man-in-the-middle attackers to
 CVE-2016-XXXX [auth bypass]
 	- brltty <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=967436
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/12/4
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/04/12/4
 	NOTE: Introduced in: https://github.com/brltty/brltty/commit/e62b3c925d03239a372d425fb87b2cac65d8ef19
 	NOTE: Fixed by: https://github.com/brltty/brltty/commit/74affe7d1401f2b43ad32e18cb78704d22604ad7
 CVE-2016-3996 (ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly che ...)
@@ -21333,7 +21333,7 @@ CVE-2016-4002 (Buffer overflow in the mipsnet_receive function in hw/net/mipsnet
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326082
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/6
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/6
 CVE-2016-4001 (Buffer overflow in the stellaris_enet_receive function in hw/net/stell ...)
 	{DLA-1599-1}
 	- qemu 1:2.6+dfsg-1 (bug #821038)
@@ -21343,12 +21343,12 @@ CVE-2016-4001 (Buffer overflow in the stellaris_enet_receive function in hw/net/
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325884
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01334.html
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3a15cc0e1ee7168db0782133d2607a6bfa422d66 (v2.6.0-rc2)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/4
 CVE-2016-4008 (The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 ...)
 	{DSA-3568-1 DLA-495-1}
 	- libtasn1-6 4.8-1
 	- libtasn1-3 <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/3
 	NOTE: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=f435825c0f527a8e52e6ffbc3ad0bc60531d537e
 	NOTE: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625
 CVE-2016-3995 (The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and  ...)
@@ -21356,13 +21356,13 @@ CVE-2016-3995 (The timing attack protection in Rijndael::Enc::ProcessAndXorBlock
 	[jessie] - libcrypto++ 5.6.1-6+deb8u2
 	[wheezy] - libcrypto++ 5.6.1-6+deb7u2
 	NOTE: https://github.com/weidai11/cryptopp/issues/146
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/10/6
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/10/6
 	NOTE: Initial upload in 5.6.3-5 was incomplete
 CVE-2016-3994 (The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause ...)
 	{DSA-3555-1}
 	- imlib2 1.4.8-1 (bug #785369)
 	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/6
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/09/6
 CVE-2016-4070 (** DISPUTED ** Integer overflow in the php_raw_url_encode function in  ...)
 	{DSA-3560-1 DLA-499-1}
 	- php7.0 7.0.5-1
@@ -21371,7 +21371,7 @@ CVE-2016-4070 (** DISPUTED ** Integer overflow in the php_raw_url_encode functio
 	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
 	NOTE: https://bugs.php.net/bug.php?id=71798
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/7
 	NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/ea6ff01f6c31f1615a935ef96622d623a6277d37
 CVE-2016-4071 (Format string vulnerability in the php_snmp_error function in ext/snmp ...)
 	{DSA-3560-1 DLA-499-1}
@@ -21380,7 +21380,7 @@ CVE-2016-4071 (Format string vulnerability in the php_snmp_error function in ext
 	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
 	NOTE: https://bugs.php.net/bug.php?id=71704
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/7
 CVE-2016-4072 (The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x  ...)
 	{DSA-3560-1 DLA-499-1}
 	- php7.0 7.0.5-1
@@ -21389,7 +21389,7 @@ CVE-2016-4072 (The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and
 	NOTE: https://bugs.php.net/bug.php?id=71860
 	NOTE: https://gist.github.com/smalyshev/80b5c2909832872f2ba2
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1e9b175204e3286d64dfd6c9f09151c31b5e099a
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/7
 CVE-2016-4073 (Multiple integer overflows in the mbfl_strcut function in ext/mbstring ...)
 	{DSA-3560-1 DLA-499-1}
 	- php7.0 7.0.5-1
@@ -21398,7 +21398,7 @@ CVE-2016-4073 (Multiple integer overflows in the mbfl_strcut function in ext/mbs
 	NOTE: https://bugs.php.net/bug.php?id=71906
 	NOTE: https://gist.github.com/smalyshev/d8355c96a657cc5dba70
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=64f42c73efc58e88671ad76b6b6bc8e2b62713e1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/7
 CVE-2016-3976 (Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through ...)
 	NOT-FOR-US: SAP
 CVE-2016-3975 (Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1  ...)
@@ -21449,7 +21449,7 @@ CVE-2016-3963 (Siemens SCALANCE S613 allows remote attackers to cause a denial o
 	NOT-FOR-US: Siemens
 CVE-2016-3992 (cronic before 3 allows local users to write to arbitrary files via a s ...)
 	- cronic 3-1 (bug #820331)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/09/4
 CVE-2016-3962 (Stack-based buffer overflow in the NTP time-server interface on Meinbe ...)
 	NOT-FOR-US: Meinberg
 CVE-2016-3961 (Xen and the Linux kernel through 4.5.x do not properly suppress hugetl ...)
@@ -21513,7 +21513,7 @@ CVE-2016-3993 (Off-by-one error in the __imlib_MergeUpdate function in lib/updat
 	{DSA-3555-1}
 	- imlib2 1.4.8-1 (bug #819818)
 	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=ce94edca1ccfbe314cb7cd9453433fad404ec7ef
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/09/5
 CVE-2016-3948 (Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds ...)
 	{DSA-3625-1}
 	- squid3 3.5.16-1 (bug #819784)
@@ -22347,7 +22347,7 @@ CVE-2016-3622 (The fpAcc function in tif_predict.c in the tiff2rgba tool in LibT
 	{DSA-3762-1 DLA-795-1}
 	- tiff 4.0.7-1 (low; bug #820365)
 	- tiff3 <not-affected> (tiff tools not built)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/07/4
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286
 CVE-2016-3621 (The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4. ...)
 	{DLA-693-1}
@@ -22355,7 +22355,7 @@ CVE-2016-3621 (The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTI
 	[jessie] - tiff 4.0.3-12.3+deb8u2
 	- tiff3 <not-affected> (tiff tools not built)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2565
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/07/3
 	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
 	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
 CVE-2016-3620 (The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4. ...)
@@ -22364,7 +22364,7 @@ CVE-2016-3620 (The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTI
 	[jessie] - tiff 4.0.3-12.3+deb8u2
 	- tiff3 <not-affected> (tiff tools not built)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2570
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/07/2
 	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
 	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
 CVE-2016-3619 (The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in  ...)
@@ -22373,7 +22373,7 @@ CVE-2016-3619 (The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff too
 	[jessie] - tiff 4.0.3-12.3+deb8u2
 	- tiff3 <not-affected> (tiff tools not built)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2567
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/07/1
 	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
 	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
 CVE-2016-3618
@@ -22396,7 +22396,7 @@ CVE-2016-3627 (The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and
 	{DSA-3593-1 DLA-503-1}
 	- libxml2 2.9.3+dfsg1-1.1 (bug #819006)
 	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=bdd66182ef53fe1f7209ab6535fda56366bd7ac9 (v2.9.4)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/21/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/21/3
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=762100
 CVE-2016-3615 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 a ...)
 	{DSA-3632-1 DSA-3624-1 DLA-567-1}
@@ -23475,7 +23475,7 @@ CVE-2016-3156 (The IPv4 implementation in the Linux kernel before 4.5.2 mishandl
 	{DSA-3607-1}
 	- linux 4.5.1-1
 	[wheezy] - linux <not-affected> (Not a security issue since containers are not supported)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/15/3
 CVE-2016-3133
 	RESERVED
 CVE-2016-3132 (Double free vulnerability in the SplDoublyLinkedList::offsetSet functi ...)
@@ -23625,7 +23625,7 @@ CVE-2016-3079 (Multiple cross-site scripting (XSS) vulnerabilities in the Web UI
 	NOT-FOR-US: Red Hat Satellite / Spacewalk
 CVE-2016-3078 (Multiple integer overflows in php_zip.c in the zip extension in PHP be ...)
 	- php7.0 7.0.6-1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/28/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/28/1
 	NOTE: Fixed in 7.0.6
 	NOTE: https://bugs.php.net/bug.php?id=71923
 CVE-2016-3077 (The VersionMapper.fromKernelVersionString method in oVirt Engine allow ...)
@@ -23705,12 +23705,12 @@ CVE-2016-XXXX [fscanf format string security bug in flashrom layout code]
 CVE-2016-3183 (The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1  ...)
 	- openjpeg2 2.1.1-1 (low; bug #818399)
 	[jessie] - openjpeg2 <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/14
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/14/14
 	NOTE: https://github.com/uclouvain/openjpeg/issues/726
 CVE-2016-3182 (The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG befo ...)
 	- openjpeg2 2.1.1-1
 	[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/13
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/14/13
 	NOTE: https://github.com/uclouvain/openjpeg/issues/725
 CVE-2016-3181
 	REJECTED
@@ -24175,24 +24175,24 @@ CVE-2016-2860 (The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6
 CVE-2016-3154 (The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2 ...)
 	{DSA-3518-1}
 	- spip 3.0.22-1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/15/2
 	NOTE: patch https://core.spip.net/projects/spip/repository/revisions/22903
 CVE-2016-3153 (SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 al ...)
 	{DSA-3518-1}
 	- spip 3.0.22-1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/15/2
 	NOTE: patch https://core.spip.net/projects/spip/repository/revisions/22911
 CVE-2016-XXXX [Cross-site scripting (XSS) vulnerability in cgit's "txt2html" filter]
 	- cgit 0.12.0.git2.7.0-1
 	[jessie] - cgit 0.10.2.git2.0.1-3+deb8u1
 	NOTE: https://git.zx2c4.com/cgit/commit/filters/html-converters/txt2html?id=13c2d3df0440ce04273de3149631a9bd97490c6e
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/05/8
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/03/05/8
 CVE-2016-3172 (SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier al ...)
 	{DLA-560-1}
 	- cacti 0.8.8g+ds1-2 (bug #818647)
 	[jessie] - cacti 0.8.8b+dfsg-8+deb8u5
 	NOTE: http://bugs.cacti.net/view.php?id=2667
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/13
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/13
 	NOTE: Requires authenticated user
 CVE-2016-3116 (CRLF injection vulnerability in Dropbear SSH before 2016.72 allows rem ...)
 	- dropbear 2016.72-1
@@ -24206,7 +24206,7 @@ CVE-2016-3115 (Multiple CRLF injection vulnerabilities in session.c in sshd in O
 	[wheezy] - openssh <no-dsa> (Minor issue)
 	NOTE: http://www.openssh.com/txt/x11fwd.adv
 	NOTE: Portable OpenSSH 7.2p2 contains a fix for this vulnerability.
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/8
 	NOTE: Upstream fix: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&sortby=date&f=h
 CVE-2016-3134 (The netfilter subsystem in the Linux kernel through 4.5.2 does not val ...)
 	{DSA-3607-1 DLA-516-1}
@@ -24215,8 +24215,8 @@ CVE-2016-3134 (The netfilter subsystem in the Linux kernel through 4.5.2 does no
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=758
 	NOTE: https://patchwork.ozlabs.org/patch/595575/
 	NOTE: http://marc.info/?l=netfilter-devel&m=145757134822741&w=2
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/4
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/7
 	NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
 CVE-2016-3135 (Integer overflow in the xt_alloc_table_info function in net/netfilter/ ...)
 	- linux 4.4.6-1
@@ -24224,7 +24224,7 @@ CVE-2016-3135 (Integer overflow in the xt_alloc_table_info function in net/netfi
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: http://marc.info/?l=netfilter-devel&m=145757136822750&w=2
 	NOTE: https://patchwork.ozlabs.org/patch/595576/
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/7
 CVE-2016-2859
 	REJECTED
 CVE-2016-3124 (The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote at ...)
@@ -24232,7 +24232,7 @@ CVE-2016-3124 (The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remo
 	NOTE: https://simplesamlphp.org/security/201603-01
 	NOTE: Fixed upstream in 1.14.1
 	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/952027dd7f794ff4b2d4f5eddf549c5b5070fa38
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/08/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/08/4
 	NOTE: Not treated as a security issue, many components in Debian reveal the release in use
 CVE-2016-2855 (The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier use ...)
 	NOT-FOR-US: Huawei
@@ -24297,8 +24297,8 @@ CVE-2016-3142 (The phar_parse_zipfile function in zip.c in the PHAR extension in
 	[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
 	NOTE: https://bugs.php.net/bug.php?id=71498
 	NOTE: Fixed in 5.5.33, 5.6.19
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/5
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/13/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/13/2
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd
 CVE-2016-3141 (Use-after-free vulnerability in wddx.c in the WDDX extension in PHP be ...)
 	{DLA-818-1}
@@ -24307,8 +24307,8 @@ CVE-2016-3141 (Use-after-free vulnerability in wddx.c in the WDDX extension in P
 	[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
 	NOTE: https://bugs.php.net/bug.php?id=71587
 	NOTE: Fixed in 5.5.33, 5.6.19
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/5
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/13/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/13/1
 CVE-2016-2858 (QEMU, when built with the Pseudo Random Number Generator (PRNG) back-e ...)
 	{DLA-1599-1}
 	- qemu 1:2.6+dfsg-1 (bug #817183)
@@ -24318,7 +24318,7 @@ CVE-2016-2858 (QEMU, when built with the Pseudo Random Number Generator (PRNG) b
 	NOTE: Upstream patch: http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 (v2.6.0-rc0)
 	NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=a9b7b2ad7b075dba5495271706670e5c6b1304bc (v1.3.0-rc0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1314676
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/04/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/04/1
 CVE-2016-8000
 	REJECTED
 CVE-2016-2840 (An issue was discovered in Open-Xchange Server 6 / OX AppSuite before  ...)
@@ -24329,7 +24329,7 @@ CVE-2016-2857 (The net_checksum_calculate function in net/checksum.c in QEMU all
 	- qemu-kvm <removed>
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=362786f14a753d8a5256ef97d7c10ed576d6572b (v2.6.0-rc0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296567
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/9
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/03/9
 CVE-2016-2854 (The aufs module for the Linux kernel 3.x and 4.x does not properly mai ...)
 	- linux 3.18-1~exp1
 	[jessie] - linux <ignored> (Not exploitable in default configuration)
@@ -24634,7 +24634,7 @@ CVE-2016-2841 (The ne2000_receive function in the NE2000 NIC emulation support (
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=415ab35a441eca767d033a2702223e785b9d5190 (v2.6.0-rc0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303106
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/02/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/02/8
 CVE-2016-2788 (MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise ...)
 	- mcollective 2.12.0+dfsg-1 (bug #850968)
 	[jessie] - mcollective <no-dsa> (Minor issue)
@@ -25107,7 +25107,7 @@ CVE-2016-2779 (runuser in util-linux allows local users to escape to the parent
 	[wheezy] - util-linux <not-affected> (runuser[.c] not yet present)
 	[squeeze] - util-linux <not-affected> (runuser[.c] not yet present)
 	NOTE: Restricting ioctl on the kernel side seems the better approach, patches have been posted to kernel-hardening list
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/27/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/27/1
 	NOTE: https://marc.info/?l=util-linux-ng&m=145694736107128&w=2
 	NOTE: 2.31 introduces a new --pty option to separate privileged and unprivileged
 	NOTE: shells (not enabled by default and the cli switch is necessary).
@@ -25118,7 +25118,7 @@ CVE-2016-XXXX [Partial SMAP bypass on 64-bit Linux kernels]
 	- linux-2.6 <not-affected> (Introduced in 3.10)
 	NOTE: Introduced by: https://git.kernel.org/linus/63bcff2a307b9bcc712a8251eb27df8b2e117967 (v3.10-rc1)
 	NOTE: Fixed by: https://git.kernel.org/linus/3d44d51bd339766f0178f0cf2e8d048b4a4872aa (v4.5-rc6)
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/26/6
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/02/26/6
 CVE-2016-7575
 	REJECTED
 CVE-2016-2573
@@ -25229,14 +25229,14 @@ CVE-2016-3162 (The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 al
 	- drupal7 7.43-1
 	- drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
 CVE-2016-3163 (The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might ...)
 	{DSA-3498-1}
 	- drupal7 7.43-1
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
 CVE-2016-3164 (Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might al ...)
 	{DSA-3498-1}
 	- drupal8 <itp> (bug #756305)
@@ -25244,52 +25244,52 @@ CVE-2016-3164 (Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 mig
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
 CVE-2016-3165 (The Form API in Drupal 6.x before 6.38 ignores access restrictions on  ...)
 	- drupal7 <not-affected> (Only affects Drupal 6)
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
 CVE-2016-3166 (CRLF injection vulnerability in the drupal_set_header function in Drup ...)
 	- drupal7 <not-affected> (Only affects Drupal 6)
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
 CVE-2016-3167 (Open redirect vulnerability in the drupal_goto function in Drupal 6.x  ...)
 	- drupal7 <not-affected> (Only affects Drupal 6)
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
 CVE-2016-3168 (The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might  ...)
 	{DSA-3498-1}
 	- drupal7 7.43-1
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
 CVE-2016-3169 (The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows r ...)
 	{DSA-3498-1}
 	- drupal7 7.43-1
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
 CVE-2016-3170 (The "have you forgotten your password" links in the User module in Dru ...)
 	{DSA-3498-1}
 	- drupal8 <itp> (bug #756305)
 	- drupal7 7.43-1
 	- drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
 CVE-2016-3171 (Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before ...)
 	- drupal7 <not-affected> (Only affects Drupal 6)
 	- drupal6 <removed>
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2016-001
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
 CVE-2016-2541 (Audacity before 2.1.2 allows remote attackers to cause a denial of ser ...)
 	- audacity 2.1.2-1 (unimportant)
 	[jessie] - audacity <not-affected> (Vulnerable code not present)
@@ -25528,7 +25528,7 @@ CVE-2016-2538 (Multiple integer overflows in the USB Net device emulator (hw/usb
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303120
 	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e (v2.6.0-rc0)
 	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=6c9f886ceae5b998dc2b9af2bf77666941689bce (v0.10.0)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/22/3
 CVE-2016-2515 (Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause ...)
 	NOT-FOR-US: NodeJS Hawk
 CVE-2016-2511 (Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier a ...)
@@ -25814,7 +25814,7 @@ CVE-2016-2391 (The ohci_bus_start function in the USB OHCI emulation support (hw
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fa1298c2d623522eda7b4f1f721fcb935abb7360 (v2.6.0-rc0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1304794
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/16/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/16/2
 CVE-2016-2390 (The FwdState::connectedToPeer method in FwdState.cc in Squid before 3. ...)
 	- squid 4.1-1 (unimportant)
 	- squid3 3.5.14-1 (unimportant)
@@ -26030,7 +26030,7 @@ CVE-2016-2384 (Double free vulnerability in the snd_usbmidi_create function in s
 	- linux 4.4.2-1
 	- linux-2.6 <removed>
 	NOTE: Fixed by: https://git.kernel.org/linus/07d86ca93db7e5cdf4743564d98292042ec21af7 (v4.5-rc4)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/14/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/14/2
 	NOTE: https://xairy.github.io/blog/2016/cve-2016-2384
 CVE-2016-2383 (The adjust_branches function in kernel/bpf/verifier.c in the Linux ker ...)
 	- linux 4.4.2-1
@@ -26039,7 +26039,7 @@ CVE-2016-2383 (The adjust_branches function in kernel/bpf/verifier.c in the Linu
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/a1b14d27ed0965838350f1377ff97c93ee383492 (v4.5-rc4)
 	NOTE: Introduced by: https://git.kernel.org/linus/9bac3d6d548e5cc925570b263f35b70a00a00ffd (v4.1-rc1)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/14/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/14/1
 CVE-2016-XXXX [exec functions ignore length but look for NULL termination]
 	- php5 5.6.18+dfsg-1
 	[jessie] - php5 5.6.19+dfsg-0+deb8u1
@@ -26140,7 +26140,7 @@ CVE-2016-2554 (Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.3
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305543
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=07c7df68bd68bbe706371fccc77c814ebb335d9e
 	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/22/5
 CVE-2016-XXXX [Type confusion vulnerability in WDDX packet deserialization]
 	- php5 5.6.18+dfsg-1
 	[jessie] - php5 5.6.19+dfsg-0+deb8u1
@@ -26192,7 +26192,7 @@ CVE-2016-2324 (Integer overflow in Git before 2.7.4 allows remote attackers to e
 	{DSA-3521-1}
 	- git 1:2.8.0~rc3-1 (bug #818318)
 	NOTE: Removal of path_name: https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d (v2.8.0-rc0)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/16/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/16/2
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=971328#c4
 	- cgit <not-affected> (path_name function from embedded git is not called)
 CVE-2016-2323
@@ -26375,7 +26375,7 @@ CVE-2016-2313 (auth_login.php in Cacti before 0.8.8g allows remote authenticated
 	NOTE: http://bugs.cacti.net/view.php?id=2656
 	NOTE: Upstream fix: http://svn.cacti.net/viewvc?view=rev&revision=7770
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=965930
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/09/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/09/3
 	NOTE: Only exploitable in non default setup
 CVE-2016-2312 (Turning all screens off in Plasma-workspace and kscreenlocker while th ...)
 	- plasma-workspace 4:5.4.3-2 (bug #814355)
@@ -26450,13 +26450,13 @@ CVE-2016-2224 (The __decode_dotted function in libc/inet/resolv.c in uClibc-ng b
 	- uclibc <unfixed> (unimportant)
 	NOTE: Just for cross-compiling, not used for actual packages
 	NOTE: http://repo.or.cz/uclibc-ng.git/commit/d9c3a16dcab57d6b56225b9a67e9119cc9e2e4ac
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/05/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/05/2
 CVE-2016-2225 (The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng bef ...)
 	{DLA-561-1}
 	- uclibc <unfixed> (unimportant)
 	NOTE: Just for cross-compiling, not used for actual packages
 	NOTE: http://repo.or.cz/uclibc-ng.git/commit/6932f2282ba0578d6ca2f21eead920d6b78bc93c
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/05/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/05/2
 CVE-2016-2216 (The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6  ...)
 	- nodejs 4.3.0~dfsg-1 (unimportant)
 	NOTE: libv8 is not covered by security support
@@ -26528,7 +26528,7 @@ CVE-2016-2228 (Cross-site scripting (XSS) vulnerability in horde/templates/topba
 	NOTE: http://lists.horde.org/archives/announce/2016/001140.html
 	NOTE: https://github.com/horde/horde/commit/f03301cf6edcca57121a15e80014c4d0f29d99a0
 	NOTE: https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/06/4
 CVE-2016-7028
 	REJECTED
 CVE-2016-2199 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Orga ...)
@@ -26566,7 +26566,7 @@ CVE-2016-2191 (The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG befo
 	{DSA-3546-1}
 	- optipng 0.7.6-1 (bug #820068)
 	NOTE: https://sourceforge.net/p/optipng/bugs/59/
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/04/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/04/2
 CVE-2016-2190 (Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x ...)
 	- moodle 2.7.13+dfsg-1
 CVE-2016-2189
@@ -26836,11 +26836,11 @@ CVE-2016-2117 (The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2
 	- linux 4.5.2-1
 	[wheezy] - linux <not-affected> (Issue introduced with v3.10-rc1)
 	NOTE: Introduced in https://git.kernel.org/linus/ec5f061564238892005257c83565a0b58ec79295 (v3.10-rc1)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/16/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/16/7
 CVE-2016-2116 (Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900. ...)
 	{DSA-3508-1}
 	- jasper <removed> (bug #816626)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/12
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/03/12
 CVE-2016-2115 (Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before  ...)
 	{DSA-3548-1}
 	- samba 2:4.3.7+dfsg-1
@@ -26939,20 +26939,20 @@ CVE-2016-2533 (Buffer overflow in the ImagingPcdDecode function in PcdDecode.c i
 	- python-imaging <removed>
 	[wheezy] - python-imaging 1.1.7-4+deb7u2
 	NOTE: https://github.com/python-pillow/Pillow/pull/1706
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/02/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/02/5
 	NOTE: https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4
 CVE-2016-2221 (Open redirect vulnerability in the wp_validate_redirect function in wp ...)
 	{DSA-3472-1 DLA-418-1}
 	- wordpress 4.4.2+dfsg-1 (bug #813697)
 	NOTE: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
 	NOTE: https://core.trac.wordpress.org/changeset/36444
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/04/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/04/4
 CVE-2016-2222 (The wp_http_validate_url function in wp-includes/http.php in WordPress ...)
 	{DSA-3472-1 DLA-418-1}
 	- wordpress 4.4.2+dfsg-1 (bug #813697)
 	NOTE: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
 	NOTE: https://core.trac.wordpress.org/changeset/36435
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/04/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/04/4
 CVE-2016-2217 (The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does  ...)
 	- socat 1.7.3.1-1 (bug #813536)
 	[jessie] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
@@ -26961,7 +26961,7 @@ CVE-2016-2217 (The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8
 	NOTE: The issues is about "In the OpenSSL address implementation the hard coded 1024 bit DH
 	NOTE: p parameter was not prime.". Upstream has generated new parametes (and made it 2048
 	NOTE: bit long.
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/01/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/01/4
 	NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv7.html
 CVE-2016-5114 (sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and  ...)
 	{DLA-628-1}
@@ -26971,7 +26971,7 @@ CVE-2016-5114 (sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17,
 	NOTE: https://bugs.php.net/bug.php?id=70755
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=2721a0148649e07ed74468f097a28899741eb58f
 	NOTE: http://seclists.org/bugtraq/2016/Jan/117
-	NOTE: http://www.openwall.com/lists/oss-security/2016/02/02/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/02/02/4
 CVE-2016-3197
 	REJECTED
 CVE-2016-2092
@@ -26992,7 +26992,7 @@ CVE-2016-2197 (QEMU (aka Quick Emulator) built with an IDE AHCI emulation suppor
 	- qemu-kvm <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=99b4cb71069f109b79b27bc629fc0cf0886dbc4b (v2.6.0-rc0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302057
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/29/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/29/2
 	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=fc3d8e1138cd0c843d6fd75272633a31be6554ef (v2.3.0-rc2)
 CVE-2016-2088 (resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cook ...)
 	- bind9 <not-affected> (Introduced in Bind 9.10)
@@ -27018,7 +27018,7 @@ CVE-2016-2091 (The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdw
 	{DLA-669-1}
 	- dwarfutils 20160507-1 (bug #813148)
 	[jessie] - dwarfutils 20120410-2+deb8u1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/19/3
 	NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/9565964f26966d8391fe2cfa8e6e8e59278c5f91
 CVE-2016-2090 (Off-by-one vulnerability in the fgetwln function in libbsd before 0.8. ...)
 	{DLA-2052-1}
@@ -27076,13 +27076,13 @@ CVE-2016-XXXX [out of bound read and write issues]
 	[wheezy] - giflib <no-dsa> (Minor issue)
 	[squeeze] - giflib <no-dsa> (Minor issue)
 	NOTE: http://sourceforge.net/p/giflib/bugs/82/
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/26/5
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/01/26/5
 	NOTE: http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/
 CVE-2016-2073 (The htmlParseNameComplex function in HTMLparser.c in libxml2 allows at ...)
 	{DSA-3593-1 DLA-503-1}
 	- libxml2 2.9.3+dfsg1-1.1 (bug #812807)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/6
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/26/8 has details
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/25/6
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/26/8 has details
 	NOTE: Same fix as CVE-2016-1839 and CVE-2015-8806
 CVE-2016-2070 (The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux k ...)
 	- linux 4.3.5-1
@@ -27207,7 +27207,7 @@ CVE-2016-2069 (Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.
 	{DSA-3503-1 DLA-412-1}
 	- linux 4.3.5-1
 	- linux-2.6 <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/25/1
 	NOTE: https://git.kernel.org/linus/71b3c126e61177eb693423f2e18a1914205b165e (v4.5-rc1)
 	NOTE: https://git.kernel.org/linus/4eaffdd5a5fe6ff9f95e1ab4de1ac904d5e0fa8b (v4.5-rc1)
 CVE-2016-2053 (The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kerne ...)
@@ -27221,7 +27221,7 @@ CVE-2016-2053 (The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux
 CVE-2016-2049 (examples/consumer/common.php in JanRain PHP OpenID library (aka php-op ...)
 	- php-openid <unfixed> (unimportant)
 	NOTE: sample code only, actual vulnerable code not shipped in package
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/24/2
 	NOTE: https://github.com/openid/php-openid/issues/128
 CVE-2016-2047 (The ssl_verify_server_cert function in sql-common/client.c in MariaDB  ...)
 	{DSA-3557-1 DSA-3453-1 DLA-447-1}
@@ -27660,12 +27660,12 @@ CVE-2016-1983 (The client_host function in parsers.c in Privoxy before 3.0.24 al
 	{DSA-3460-1 DLA-398-1}
 	- privoxy 3.0.24-1
 	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/21/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/21/4
 CVE-2016-1982 (The remove_chunked_transfer_coding function in filters.c in Privoxy be ...)
 	{DSA-3460-1 DLA-398-1}
 	- privoxy 3.0.24-1
 	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/filters.c?r1=1.196&r2=1.197
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/21/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/21/4
 CVE-2016-1926 (Cross-site scripting (XSS) vulnerability in the charts module in Green ...)
 	NOT-FOR-US: Greenbone Security Assistant
 CVE-2016-1921
@@ -27701,11 +27701,11 @@ CVE-2016-1981 (QEMU (aka Quick Emulator) built with the e1000 NIC emulation supp
 	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html
 	NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=7c23b8920329180f48b8a147b629d8837709d201 (v0.10.0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298570
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/10
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/19/10
 CVE-2016-2037 (The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remo ...)
 	{DSA-3483-1 DLA-415-1}
 	- cpio 2.11+dfsg-5 (bug #812401)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/4
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/19/4
 	NOTE: To reproduce and uncover the issue with unstable version compile with ASAN
 	NOTE: Patch: https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
 	NOTE: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=d36ec5f4e93130efb24fb9678aafd88e8070095b
@@ -27713,7 +27713,7 @@ CVE-2016-2050 (The get_abbrev_array_info function in libdwarf-20151114 allows re
 	{DLA-669-1}
 	- dwarfutils 20160507+git20160523.9086738-1 (unimportant)
 	[jessie] - dwarfutils 20120410-2+deb8u1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/9
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/19/9
 	NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/a05f5e2ae6a5f34daa566975894fc2803d6ec684
 	NOTE: Reasoning for "unimportant" severity: The affected source code is present
 	NOTE: in dwarfdump/, but in the binary package is installed dwarfdump2/ .
@@ -27723,7 +27723,7 @@ CVE-2016-XXXX [Multiple minor security issues]
 	- imagemagick 8:6.8.9.9-7 (bug #811308)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
 	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/22/4
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/02/22/4
 CVE-2016-1925 (Integer underflow in header.c in lha allows remote attackers to have u ...)
 	- lha <removed> (unimportant)
 	NOTE: Non-free not supported
@@ -28798,7 +28798,7 @@ CVE-2016-1578 (Use-after-free vulnerability in Oxide allows remote attackers to
 CVE-2016-1577 (Double free vulnerability in the jas_iccattrval_destroy function in Ja ...)
 	{DSA-3508-1}
 	- jasper <removed> (bug #816625)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/12
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/03/12
 CVE-2016-1576 (The overlayfs implementation in the Linux kernel through 4.5.2 does no ...)
 	- linux 4.5.1-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -28858,7 +28858,7 @@ CVE-2016-1714 (The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296060
 	NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/11/7
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/11/7
 	NOTE: fw_cfg support for guest-side data writes removed in 2.4 (1:2.4+dfsg-1a)
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=023e3148567ac898c7258138f8e86c3c2bb40d07 (v2.4.0-rc0)
 	NOTE: fw_cfg_read removed in: http://git.qemu.org/?p=qemu.git;a=commit;h=6c8d56a2e95712a6206a2671d2b04b2e59cabc0b
@@ -28868,7 +28868,7 @@ CVE-2016-1569 (FireBird 2.5.5 allows remote authenticated users to cause a denia
 	[wheezy] - firebird2.5 <not-affected> (Issue introduced in 2.5.5)
 	[squeeze] - firebird2.5 <not-affected> (Issue introduced in 2.5.5)
 	NOTE: http://tracker.firebirdsql.org/browse/CORE-5068
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/10/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/10/2
 CVE-2016-1568 (Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with ...)
 	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
 	- qemu 1:2.5+dfsg-2 (bug #810527)
@@ -28878,7 +28878,7 @@ CVE-2016-1568 (Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built
 	NOTE: Fixed by: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01184.html
 	NOTE: ahci emulation added in: http://git.qemu.org/?p=qemu.git;a=commit;h=f6ad2e32f8d833c7f1c75dc084a84a8f02704d64 (v0.14.0-rc0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288532
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/09/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/09/1
 CVE-2016-1563 (NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certi ...)
 	NOT-FOR-US: NetApp
 CVE-2016-1562 (The REST API in the DTE Energy Insight application before 1.7.8 for An ...)
@@ -29088,14 +29088,14 @@ CVE-2016-1564 (Multiple cross-site scripting (XSS) vulnerabilities in wp-include
 	NOTE: https://core.trac.wordpress.org/changeset/36185
 	NOTE: https://wpvulndb.com/vulnerabilities/8358
 	NOTE: https://twitter.com/brutelogic/status/685105483397619713
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/08/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/08/3
 CVE-2016-1503 (dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x befor ...)
 	- dhcpcd5 6.10.1-1 (bug #810621)
 	[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
 	[wheezy] - dhcpcd5 <not-affected> (Vulnerable code not present)
 	- dhcpcd <not-affected> (Vulnerable code not present)
 	NOTE: https://dev.marples.name/rDHC1475a702df74b120db847991bc011e3441a045b8
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/07/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/07/3
 	NOTE: dhcpcd 3.2.3-<rev> in squeeze and wheezy differ very much from dhcpcd5 in later Debian versions.
 CVE-2016-1504 (dhcpcd before 6.10.0 allows remote attackers to cause a denial of serv ...)
 	- dhcpcd5 6.10.1-1 (bug #810620)
@@ -29104,12 +29104,12 @@ CVE-2016-1504 (dhcpcd before 6.10.0 allows remote attackers to cause a denial of
 	- dhcpcd <not-affected> (Vulnerable code not present)
 	[squeeze] - dhcpcd <not-affected> (Vulnerable code not present)
 	NOTE: https://dev.marples.name/rDHC33c03b26c01201152774ef92e7b773281b8d8443
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/07/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/07/3
 	NOTE: dhcpcd 3.2.3-<rev> in squeeze and wheezy differ very much from dhcpcd5 in later Debian versions.
 CVE-2016-XXXX [Missing normalization]
 	- ruby-rack-attack 4.3.1-1
 	NOTE: https://github.com/kickstarter/rack-attack/commit/76c2e3143099d938883ae5654527b47e9e6a8977
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/07/1
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/01/07/1
 CVE-2016-1501 (ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authe ...)
 	- owncloud 7.0.12~dfsg-2
 	[jessie] - owncloud 7.0.4+dfsg-4~deb8u4
@@ -29665,7 +29665,7 @@ CVE-2016-1249 (The DBD::mysql module before 4.039 for Perl, when using server-si
 	[jessie] - libdbd-mysql-perl <no-dsa> (Minor issue)
 	[wheezy] - libdbd-mysql-perl <no-dsa> (Minor issue)
 	NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe (4.039)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/16/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/16/1
 CVE-2016-1248 (vim before patch 8.0.0056 does not properly validate values for the 'f ...)
 	{DSA-3722-1 DLA-718-1}
 	- vim 2:8.0.0095-1
@@ -29730,7 +29730,7 @@ CVE-2016-1237 (nfsd in the Linux kernel through 4.6.3 allows local users to bypa
 CVE-2016-1236 (Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.ph ...)
 	{DSA-3572-1 DLA-462-1}
 	- websvn <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/22
+	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/22
 CVE-2016-1235 (The oarsh script in OAR before 2.5.7 allows remote authenticated users ...)
 	{DSA-3543-1}
 	- oar 2.5.7-1 (bug #819952)
@@ -30381,7 +30381,7 @@ CVE-2016-1922 (QEMU (aka Quick Emulator) built with the TPR optimization for 32-
 	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg02812.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283934
-	NOTE: http://www.openwall.com/lists/oss-security/2016/01/16/1
+	NOTE: https://www.openwall.com/lists/oss-security/2016/01/16/1
 	NOTE: Possibly introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=4917cf44326a1bda2fd7f27303aff7a25ad86518 (v1.6.0-rc0)
 	NOTE: kvmapic introduced after 1.0.50 (http://git.qemu.org/?p=qemu.git;a=commit;h=e5ad936b0fd7dfd7fd7908be6f9f1ca88f63b96b)
 CVE-2016-0930 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before ...)
@@ -31328,7 +31328,7 @@ CVE-2016-0635 (Unspecified vulnerability in the Enterprise Manager Ops Center co
 CVE-2016-0634 (The expansion of '\h' in the prompt string in bash 4.3 allows remote a ...)
 	- bash 4.4-1 (unimportant)
 	[jessie] - bash 4.3-11+deb8u1
-	NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/8
+	NOTE: https://www.openwall.com/lists/oss-security/2016/09/16/8
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
 	NOTE: Fixed bin Bash upstream bash-4.4
 	NOTE: This doesn't cross any reasonable security boundaries, an attacker with the
@@ -32713,39 +32713,39 @@ CVE-2016-1000033 (Shotwell version 0.22.0 (and possibly other versions) is vulne
 	[jessie] - shotwell <no-dsa> (Minor issue)
 	[wheezy] - shotwell <no-dsa> (Minor issue)
 	[squeeze] - shotwell <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/12/04/4
+	NOTE: https://www.openwall.com/lists/oss-security/2015/12/04/4
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=754488
 CVE-2016-4353 (ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder ...)
 	- libksba 1.3.3-1 (low)
 	[jessie] - libksba 1.3.2-1+deb8u1
 	[wheezy] - libksba <no-dsa> (Minor issue)
 	[squeeze] - libksba <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/13/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/5
 	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a
 CVE-2016-4355 (Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 al ...)
 	- libksba 1.3.3-1 (low)
 	[jessie] - libksba 1.3.2-1+deb8u1
 	[wheezy] - libksba <no-dsa> (Minor issue)
 	[squeeze] - libksba <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/13/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/5
 	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887
 CVE-2016-4354 (ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data t ...)
 	- libksba 1.3.3-1 (low)
 	[jessie] - libksba 1.3.2-1+deb8u1
 	[wheezy] - libksba <no-dsa> (Minor issue)
 	[squeeze] - libksba <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/13/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/5
 	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887
 CVE-2016-4356 (The append_utf8_value function in the DN decoder (dn.c) in Libksba bef ...)
 	- libksba 1.3.3-1 (low)
 	[jessie] - libksba 1.3.2-1+deb8u1
 	[wheezy] - libksba <no-dsa> (Minor issue)
 	[squeeze] - libksba <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
+	NOTE: https://www.openwall.com/lists/oss-security/2015/04/13/5
+	NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/5
 	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
 CVE-2016-9675 (openjpeg: A heap-based buffer overflow flaw was found in the patch for ...)
 	- openjpeg 1.5.2-1
@@ -32764,4 +32764,4 @@ CVE-2016-2856 (pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jes
 	[jessie] - glibc 2.19-18+deb8u4
 	NOTE: http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403
 	NOTE: http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958
-	NOTE: http://www.openwall.com/lists/oss-security/2016/03/07/2
+	NOTE: https://www.openwall.com/lists/oss-security/2016/03/07/2
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017
index f4bea5dbc0..10bf8b1ac7 100644
--- a/data/CVE/list.2017
+++ b/data/CVE/list.2017
@@ -2329,7 +2329,7 @@ CVE-2017-18019 (In K7 Total Security before 15.1.0.305, user-controlled input to
 CVE-2017-18018 (In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does no ...)
 	- coreutils <unfixed> (unimportant)
 	NOTE: http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
-	NOTE: http://www.openwall.com/lists/oss-security/2018/01/04/3
+	NOTE: https://www.openwall.com/lists/oss-security/2018/01/04/3
 	NOTE: Documentation patches proposed:
 	NOTE: https://lists.gnu.org/archive/html/coreutils/2017-12/msg00072.html
 	NOTE: https://lists.gnu.org/archive/html/coreutils/2017-12/msg00073.html
@@ -3086,7 +3086,7 @@ CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local a
 	[stretch] - open-iscsi <no-dsa> (Minor issue)
 	[jessie] - open-iscsi <ignored> (Minor issue, iscsiuio not built in this version, source affected)
 	[wheezy] - open-iscsi <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/12/13/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/12/13/2
 	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1072312
 	NOTE: Specfic CVE fixed by https://github.com/open-iscsi/open-iscsi/pull/72/commits/b9c33683bdc0aed28ffe31c3f3d50bf5cdf519ea
 	NOTE: But all of the commits in https://github.com/open-iscsi/open-iscsi/pull/72
@@ -3656,7 +3656,7 @@ CVE-2017-17670 (In VideoLAN VLC media player through 2.2.8, there is a type conv
 	- vlc 3.0.0~rc2-1
 	[jessie] - vlc <end-of-life> (See DSA-4203-1)
 	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/12/15/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/12/15/1
 	NOTE: POC: https://gist.github.com/dyntopia/194d912287656f66dd502158b0cd2e68
 CVE-2017-17669 (There is a heap-based buffer over-read in the Exiv2::Internal::PngChun ...)
 	- exiv2 0.27.2-6 (bug #886006)
@@ -4389,21 +4389,21 @@ CVE-2017-1000410 (The Linux kernel version 3.3-rc1 and later is affected by a vu
 	{DSA-4082-1 DSA-4073-1}
 	- linux 4.14.7-1
 	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.3)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/12/06/3
+	NOTE: https://www.openwall.com/lists/oss-security/2017/12/06/3
 CVE-2017-1000409 (A buffer overflow in glibc 2.5 (released on September 29, 2006) and ca ...)
 	- glibc 2.25-5 (bug #884133)
 	[stretch] - glibc 2.24-11+deb9u4
 	[jessie] - glibc <no-dsa> (Minor issue)
 	- eglibc <removed>
 	[wheezy] - eglibc <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/12/11/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/12/11/4
 CVE-2017-1000408 (A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached ...)
 	- glibc 2.25-5 (bug #884132)
 	[stretch] - glibc 2.24-11+deb9u4
 	[jessie] - glibc <no-dsa> (Minor issue)
 	- eglibc <removed>
 	[wheezy] - eglibc <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/12/11/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/12/11/4
 CVE-2017-17432 (OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, w ...)
 	{DSA-4067-1 DLA-1213-1}
 	- openafs 1.6.22-1 (bug #883602)
@@ -5785,7 +5785,7 @@ CVE-2017-1000405 (The Linux Kernel versions 2.6.38 through 4.14 have a problemat
 	[jessie] - linux 3.16.51-1
 	[wheezy] - linux <not-affected> (vulnerable code not present, cf. kernel-sec information)
 	NOTE: Fixed by: https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0
-	NOTE: http://www.openwall.com/lists/oss-security/2017/11/30/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/11/30/1
 	NOTE: https://github.com/bindecy/HugeDirtyCowPOC
 CVE-2017-1000404 (The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used th ...)
 	NOT-FOR-US: Jenkins plugin
@@ -5861,15 +5861,15 @@ CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 thro
 	NOT-FOR-US: Phoenix Framework
 CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...)
 	- exiv2 <not-affected> (Vulnerable code introduced in 0.26; only affected experimental)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/06/30/1
 	NOTE: https://github.com/Exiv2/exiv2/issues/177
 CVE-2017-1000127 (Exiv2 0.26 contains a heap buffer overflow in tiff parser ...)
 	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888863)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/06/30/1
 	NOTE: https://github.com/Exiv2/exiv2/issues/176
 CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser ...)
 	- exiv2 <not-affected> (WebP support introduced in 0.26; only affected experimental; bug #888864)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/06/30/1
 	NOTE: https://github.com/Exiv2/exiv2/issues/175
 CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in tinfo/w ...)
 	- ncurses 6.0+20171125-1 (bug #882620)
@@ -6822,7 +6822,7 @@ CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that coul
 	[stretch] - wayland 1.12.0-1+deb9u1
 	[jessie] - wayland <no-dsa> (Minor issue)
 	[wheezy] - wayland <not-affected> (vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/11/28/6
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
 	NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2
 	NOTE: Wayland: https://bugs.freedesktop.org/show_bug.cgi?id=103961
@@ -6835,7 +6835,7 @@ CVE-2017-16611 (In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local att
 	[jessie] - libxfont <no-dsa> (Minor issue)
 	[wheezy] - libxfont <postponed> (Minor issue)
 	- libxfont1 <removed> (unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/11/28/7
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8
 	NOTE: (for 1.5.x): https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?h=libXfont-1.5-branch&id=5ed8ac0e4f063825b8ecda48e9a111d3ce92e825
 	NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2
@@ -7523,7 +7523,7 @@ CVE-2017-16355 (In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10
 	[wheezy] - ruby-passenger <not-affected> (Vulnerable code introduced later)
 	NOTE: https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/
 	NOTE: https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf
-	NOTE: http://www.openwall.com/lists/oss-security/2017/11/21/2 and following.
+	NOTE: https://www.openwall.com/lists/oss-security/2017/11/21/2 and following.
 	NOTE: Problem mitigated in versions prior to 5.0.10 where root privileges were required to
 	NOTE: get the status information.
 CVE-2017-16354
@@ -7775,8 +7775,8 @@ CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) igno
 	NOTE: Upstream report: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29182
 CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask wh ...)
 	- vim <unfixed> (unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
-	NOTE: Cf. http://www.openwall.com/lists/oss-security/2017/11/01/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/10/31/15
+	NOTE: Cf. https://www.openwall.com/lists/oss-security/2017/11/01/4
 	NOTE: vim creates the .swp file according to the permissions of the file being
 	NOTE: edited, admitely ignoring the umask, so in the reporters case the .swp
 	NOTE: file is readable by others. But that seem to be the intended behaviour.
@@ -7794,7 +7794,7 @@ CVE-2017-17051 (An issue was discovered in the default FilterScheduler in OpenSt
 	[stretch] - nova <not-affected> (Fix for CVE-2017-16239 not applied and not affecting 14.x.y)
 	[jessie] - nova <not-affected> (Vulnerable code not present)
 	[wheezy] - nova <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/12/05/5
+	NOTE: https://www.openwall.com/lists/oss-security/2017/12/05/5
 	NOTE: https://launchpad.net/bugs/1732976
 CVE-2017-16239 (In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x throug ...)
 	{DSA-4056-1}
@@ -7803,7 +7803,7 @@ CVE-2017-16239 (In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x
 	[wheezy] - nova <not-affected> (Vulnerble code introduced later)
 	NOTE: https://launchpad.net/bugs/1664931
 	NOTE: https://security.openstack.org/ossa/OSSA-2017-005.html
-	NOTE: Regression fix: http://www.openwall.com/lists/oss-security/2017/12/05/4
+	NOTE: Regression fix: https://www.openwall.com/lists/oss-security/2017/12/05/4
 CVE-2017-16238
 	RESERVED
 CVE-2017-16237 (In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64 ...)
@@ -9020,7 +9020,7 @@ CVE-2017-15715 (In Apache httpd 2.4.0 to 2.4.29, the expression specified in &lt
 	{DSA-4164-1}
 	- apache2 2.4.33-1
 	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/6
+	NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/6
 CVE-2017-15714 (The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape u ...)
 	NOT-FOR-US: BIRT plugin in Apache OFBiz
 CVE-2017-15713 (Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before  ...)
@@ -9032,7 +9032,7 @@ CVE-2017-15711
 CVE-2017-15710 (In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29 ...)
 	{DSA-4164-1 DLA-1389-1}
 	- apache2 2.4.33-1
-	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/8
+	NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/8
 CVE-2017-15709 (When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 ...)
 	- activemq 5.15.3-1 (bug #890352)
 	[stretch] - activemq <no-dsa> (Minor issue)
@@ -9072,7 +9072,7 @@ CVE-2017-15700 (A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectVali
 	NOT-FOR-US: Apache Sling Authentication Service
 CVE-2017-15699 (A Denial of Service vulnerability was found in Apache Qpid Dispatch Ro ...)
 	- qpid-dispatch <itp> (bug #737776)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/02/13/5
+	NOTE: https://www.openwall.com/lists/oss-security/2018/02/13/5
 CVE-2017-15698 (When parsing the AIA-Extension field of a client certificate, Apache T ...)
 	{DSA-4118-1 DLA-1276-1}
 	- tomcat-native 1.2.16-1
@@ -10585,7 +10585,7 @@ CVE-2017-15186 (Double free vulnerability in FFmpeg 3.3.4 and earlier allows rem
 	- ffmpeg 7:3.4-1
 	- libav <removed>
 	[jessie] - libav <not-affected> (vulnerable code was introduced later)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/10/20/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/10/20/4
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/df62b70de8aaa285168e72fe8f6e740843ca91fa
 CVE-2017-15185 (plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_cle ...)
 	- mp3splt 2.6.2+20170630-2
@@ -10774,7 +10774,7 @@ CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) 2.11.0 and ol
 	[wheezy] - qemu <postponed> (Can be fixed along in later update)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <postponed> (Can be fixed along in later update)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/12/19/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/12/19/4
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03705.html
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg00796.html
 CVE-2017-15123 (A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, ...)
@@ -10923,7 +10923,7 @@ CVE-2017-15095 (A deserialization flaw was discovered in the jackson-databind in
 	NOTE: This CVE-2017-15095 should be considered to include everything in
 	NOTE: NO_DESER_CLASS_NAMES as of:
 	NOTE: https://github.com/FasterXML/jackson-databind/blob/7093008aa2afe8068e120df850189ae072dfa1b2/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java#L43
-	NOTE: Details: http://www.openwall.com/lists/oss-security/2017/11/02/3
+	NOTE: Details: https://www.openwall.com/lists/oss-security/2017/11/02/3
 	NOTE: For libjackson-json-java:
 	NOTE: https://github.com/FasterXML/jackson-1/commit/9ac68db819bce7b9546bc4bf1c44f82ca910fa31
 CVE-2017-15094 (An issue has been found in the DNSSEC parsing code of PowerDNS Recurso ...)
@@ -12030,7 +12030,7 @@ CVE-2017-14745 (The *_get_synthetic_symtab functions in the Binary File Descript
 CVE-2017-14867 (Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x  ...)
 	{DSA-3984-1 DLA-1120-1}
 	- git 1:2.14.2-1 (bug #876854)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/09/26/9
+	NOTE: https://www.openwall.com/lists/oss-security/2017/09/26/9
 	NOTE: https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/T/#u
 CVE-2017-14744 (UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. ...)
 	NOT-FOR-US: UEditor
@@ -13443,7 +13443,7 @@ CVE-2017-14482 (GNU Emacs before 25.3 allows remote attackers to execute arbitra
 	- emacs25 25.2+1-6 (bug #875447)
 	- emacs24 <removed> (bug #875448)
 	- emacs23 <removed> (bug #875449)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/09/11/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/09/11/1
 	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
 CVE-2017-14313 (The shibboleth_login_form function in shibboleth.php in the Shibboleth ...)
@@ -13775,21 +13775,21 @@ CVE-2017-14161
 CVE-2017-14166 (libarchive 3.3.2 allows remote attackers to cause a denial of service  ...)
 	{DSA-4360-1 DLA-1600-1 DLA-1092-1}
 	- libarchive 3.2.2-3.1 (bug #874539)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/09/06/5
+	NOTE: https://www.openwall.com/lists/oss-security/2017/09/06/5
 	NOTE: https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71
 	NOTE: https://github.com/libarchive/libarchive/issues/935
 CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...)
 	- graphicsmagick 1.3.26-9 (unimportant; bug #874724)
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/493da54370aa
-	NOTE: http://www.openwall.com/lists/oss-security/2017/09/06/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/09/06/4
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/442/
 CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5  ...)
 	{DLA-2013-1}
 	- libvorbis 1.3.6-2 (bug #876780)
 	[stretch] - libvorbis <no-dsa> (Minor issue)
 	[wheezy] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/2
-	NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/3
+	NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/3
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2330
 	NOTE: Upstream fix: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
 CVE-2017-14176 (Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attac ...)
@@ -13965,18 +13965,18 @@ CVE-2017-14123 (Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted Fi
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2017-14122 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based b ...)
 	- unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874060)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
 	NOTE: Crash in CLI tool, no security impact
 CVE-2017-14121 (The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free ...)
 	- unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874061)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
 	NOTE: Crash in CLI tool, no security impact
 CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory tra ...)
 	{DLA-1091-1}
 	- unrar-free 1:0.0.1+cvs20140707-2 (bug #874059)
 	[stretch] - unrar-free <no-dsa> (Minor issue)
 	[jessie] - unrar-free <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
 	NOTE: Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=874059;filename=874059.diff.txt;msg=29
 CVE-2017-14119 (In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all ...)
 	NOT-FOR-US: EyesOfNetwork (EON)
@@ -14041,7 +14041,7 @@ CVE-2017-14103 (The ReadJNGImage and ReadOneJNGImage functions in coders/png.c i
 	[stretch] - graphicsmagick <not-affected> (Incomplete fix for CVE-2017-11403 not applied)
 	[jessie] - graphicsmagick <not-affected> (Incomplete fix for CVE-2017-11403 not applied)
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
-	NOTE: http://www.openwall.com/lists/oss-security/2017/09/01/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/09/01/6
 	NOTE: https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c/
 CVE-2017-14102 (MIMEDefang 2.80 and earlier creates a PID file after dropping privileg ...)
 	- mimedefang 2.83-1 (bug #877363)
@@ -15162,7 +15162,7 @@ CVE-2017-13709 (In FlightGear before version 2017.3.1, Main/logger.cxx in the FG
 	- flightgear 1:2017.2.1+dfsg-4 (low; bug #873439)
 	[stretch] - flightgear 1:2016.4.4+dfsg-3+deb9u1
 	[jessie] - flightgear 3.0.0-5+deb8u3
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/27/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/08/27/1
 CVE-2017-13705
 	RESERVED
 CVE-2017-13704 (In dnsmasq before 2.78, if the DNS packet size does not match the expe ...)
@@ -17053,39 +17053,39 @@ CVE-2017-12942 (libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Un
 	[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
 	[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
 	[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/6
 CVE-2017-12941 (libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpa ...)
 	- unrar-nonfree 1:5.5.8-1
 	[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
 	[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
 	[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/6
 CVE-2017-12940 (libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Enco ...)
 	- unrar-nonfree 1:5.5.8-1
 	[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
 	[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
 	[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/6
 CVE-2017-12938 (UnRAR before 5.5.7 allows remote attackers to bypass a directory-trave ...)
 	- unrar-nonfree 1:5.5.8-1
 	[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
 	[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
 	[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/2
 CVE-2017-12937 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...)
 	{DSA-4321-1 DLA-1401-1 DLA-1082-1}
 	- graphicsmagick 1.3.26-6 (bug #872574)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/5
+	NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/5
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978
 CVE-2017-12936 (The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has ...)
 	{DSA-4321-1 DLA-1456-1 DLA-1082-1}
 	- graphicsmagick 1.3.26-6 (bug #872575)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/3
+	NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/3
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd
 CVE-2017-12935 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mis ...)
 	{DSA-4321-1 DLA-1456-1 DLA-1082-1}
 	- graphicsmagick 1.3.26-6 (bug #872576)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/4
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188
 CVE-2017-12934 (ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x  ...)
 	{DSA-4080-1}
@@ -17377,7 +17377,7 @@ CVE-2017-12847 (Nagios Core before 4.3.3 creates a nagios.lock PID file after dr
 	- nagios3 <removed>
 	[jessie] - nagios3 <no-dsa> (Minor issue)
 	[wheezy] - nagios3 <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/16/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/08/16/7
 	NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/404
 	NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752
 	NOTE: https://github.com/orlitzky/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb
@@ -17501,7 +17501,7 @@ CVE-2017-12800 (The EBML_FindNextElement function in ebmlmain.c in libebml2 thro
 CVE-2017-12836 (CVS 1.12.x, when configured to use SSH for remote repositories, might  ...)
 	{DSA-3940-1 DLA-1056-1}
 	- cvs 2:1.12.13+real-24 (bug #871810)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/11/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/08/11/1
 CVE-2017-12799 (The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows re ...)
 	- binutils 2.29-9
 	[stretch] - binutils <ignored> (Minor issue)
@@ -17984,13 +17984,13 @@ CVE-2017-12637 (Directory traversal vulnerability in scheduler/ui/js/ffffffffbca
 CVE-2017-12636 (CouchDB administrative users can configure the database server via HTT ...)
 	{DLA-1252-1}
 	- couchdb <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/11/14/6
 	NOTE: Likely patch for 1.2.x: https://github.com/apache/couchdb/commit/9a28df7e9703a1a3420e7616c4d33a523ee06354
 	NOTE: Possibly needs more updates: https://github.com/apache/couchdb/commit/bf6b6a1c84321baee2c4ad354059a45e0b8fdec7
 CVE-2017-12635 (Due to differences in the Erlang-based JSON parser and JavaScript-base ...)
 	{DLA-1252-1}
 	- couchdb <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/11/14/6
 	NOTE: Likely patch for 1.2.x: https://github.com/apache/couchdb/commit/3706a77c13a78672e5a3fbde06e7bffd3665f73b
 CVE-2017-12634 (The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20. ...)
 	NOT-FOR-US: Apache Camel
@@ -18040,7 +18040,7 @@ CVE-2017-12621 (During Jelly (xml) file parsing with Apache Xerces, if a custom
 	- jenkins-commons-jelly <removed>
 	[jessie] - jenkins-commons-jelly <ignored> (Minor issue, only used by Jenkins which got removed)
 	[wheezy] - jenkins-commons-jelly <ignored> (Minor issue, only used by Jenkins which got removed)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/09/27/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/09/27/6
 CVE-2017-12620 (When loading models or dictionaries that contain XML it is possible to ...)
 	NOT-FOR-US: Apache OpenNLP
 CVE-2017-12619 (Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation whic ...)
@@ -19316,7 +19316,7 @@ CVE-2017-12166 (OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnera
 	[jessie] - openvpn <no-dsa> (Minor issue)
 	[wheezy] - openvpn <no-dsa> (Minor issue)
 	NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
-	NOTE: http://www.openwall.com/lists/oss-security/2017/09/28/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/09/28/2
 	NOTE: https://community.openvpn.net/openvpn/changeset/3b1a61e9fb27213c46f76312f4065816bee8ed01/ (master)
 	NOTE: https://community.openvpn.net/openvpn/changeset/c7e259160b28e94e4ea7f0ef767f8134283af255/ (release/2.4)
 	NOTE: https://community.openvpn.net/openvpn/changeset/fce34375295151f548a26c2d0eb30141e427c81a/ (release/2.3)
@@ -20719,11 +20719,11 @@ CVE-2017-11656
 	RESERVED
 CVE-2017-11655 (A memory leak was found in the way SIPcrack 0.2 handled processing of  ...)
 	- sipcrack <unfixed> (unimportant; bug #869803)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/07/26/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/07/26/1
 	NOTE: Negligible security impact
 CVE-2017-11654 (An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 ...)
 	- sipcrack <unfixed> (unimportant; bug #869803)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/07/26/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/07/26/1
 	NOTE: Negligible security impact
 CVE-2017-11653 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the D ...)
 	NOT-FOR-US: Razer Synapse
@@ -21577,7 +21577,7 @@ CVE-2017-11403 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.
 	- graphicsmagick 1.3.26-3
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
 	NOTE: When fixing this CVE make sure to not make the fix incomplete and open the CVE-2017-14103
-	NOTE: issue. See: http://www.openwall.com/lists/oss-security/2017/09/01/6
+	NOTE: issue. See: https://www.openwall.com/lists/oss-security/2017/09/01/6
 	NOTE: The addition required commit is: http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
 CVE-2017-11402 (An issue has been discovered on the Belden Hirschmann Tofino Xenon Sec ...)
 	NOT-FOR-US: Belden Hirschmann Tofino Xenon Security Appliance
@@ -22628,7 +22628,7 @@ CVE-2017-11105 (The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL
 	NOT-FOR-US: OnePlus
 CVE-2017-1000050 (JasPer 2.0.12 is vulnerable to a NULL pointer exception in the functio ...)
 	- jasper <removed> (unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/06/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/06/1
 	NOTE: https://github.com/mdadams/jasper/issues/120
 	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/58ba0365d911b9f9dd68e9abf826682c0b4f2293
 CVE-2017-1002024 (Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/u ...)
@@ -22985,7 +22985,7 @@ CVE-2017-1000082 (systemd v233 and earlier fails to safely parse usernames start
 	[wheezy] - systemd <not-affected> (Vulnerable code introduced in systemd-229)
 	NOTE: https://github.com/systemd/systemd/issues/6237
 	NOTE: Fixed by: https://github.com/systemd/systemd/commit/bb28e68477a3a39796e4999a6cbc6ac6345a9159
-	NOTE: http://www.openwall.com/lists/oss-security/2017/07/02/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/07/02/1
 CVE-2017-10977
 	RESERVED
 CVE-2017-10976 (When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead t ...)
@@ -23051,14 +23051,14 @@ CVE-2017-10972 (Uninitialized data in endianness conversion in the XEvent handli
 	{DSA-3905-1 DLA-1026-1}
 	- xorg-server 2:1.19.3-2 (bug #867492)
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
-	NOTE: http://www.openwall.com/lists/oss-security/2017/07/06/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/07/06/6
 CVE-2017-10971 (In the X.Org X server before 2017-06-19, a user authenticated to an X  ...)
 	{DSA-3905-1 DLA-1026-1}
 	- xorg-server 2:1.19.3-2 (bug #867492)
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
-	NOTE: http://www.openwall.com/lists/oss-security/2017/07/06/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/07/06/6
 CVE-2017-10969
 	RESERVED
 CVE-2017-10968 (In FineCMS through 2017-07-07, application\core\controller\template.ph ...)
@@ -25681,7 +25681,7 @@ CVE-2017-10140 (Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6,
 	- db4.0 <removed>
 	- db <removed>
 	[jessie] - db 5.1.29-9+deb8u1
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/12/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/08/12/1
 	NOTE: Patch as used in Fedora: https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
 	NOTE: and is acknowledged by libdb upstream, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1464032#c9
 CVE-2017-10139
@@ -26742,7 +26742,7 @@ CVE-2017-9609 (Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allo
 CVE-2017-9608 (The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allow ...)
 	{DSA-3957-1}
 	- ffmpeg 7:3.3.3-1
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/14/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/08/14/1
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89
 CVE-2017-9607 (The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might ...)
@@ -26770,7 +26770,7 @@ CVE-2017-9605 (The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCT
 	{DSA-3945-1 DSA-3927-1}
 	- linux 4.11.6-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/06/13/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/06/13/2
 	NOTE: Fixed by: https://git.kernel.org/linus/07678eca2cf9c9a18584e546c2b2a0d0c9a3150c (v4.12-rc5)
 CVE-2017-9603 (SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordP ...)
 	NOT-FOR-US: WP Jobs plugin for WordPress
@@ -26958,7 +26958,7 @@ CVE-2017-9525 (In the cron package through 3.0pl1-128 on Debian, and through 3.0
 	- cron 3.0pl1-129 (bug #864466)
 	[stretch] - cron <no-dsa> (Minor issue)
 	[wheezy] - cron <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/06/08/3
+	NOTE: https://www.openwall.com/lists/oss-security/2017/06/08/3
 CVE-2017-9523 (The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page ...)
 	NOT-FOR-US: Sophos
 CVE-2017-9522 (The Time Warner firmware on Technicolor TC8717T devices sets the defau ...)
@@ -27194,7 +27194,7 @@ CVE-2017-9445 (In systemd through 233, certain sizes passed to dns_packet_new in
 	[jessie] - systemd <not-affected> (Vulnerable code not present)
 	[wheezy] - systemd <not-affected> (Vulnerable code not present)
 	NOTE: Introduced by: https://github.com/systemd/systemd/commit/a0166609f782da91710dea9183d1bf138538db37
-	NOTE: http://www.openwall.com/lists/oss-security/2017/06/27/8
+	NOTE: https://www.openwall.com/lists/oss-security/2017/06/27/8
 CVE-2017-9444 (BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\ ...)
 	NOT-FOR-US: BigTree CMS
 CVE-2017-9443 (** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated  ...)
@@ -27659,7 +27659,7 @@ CVE-2017-1000368 (Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable
 	[buster] - sudo 1.8.19p1-2.1
 	[stretch] - sudo 1.8.19p1-2.1
 	[jessie] - sudo 1.8.10p3-1+deb8u5
-	NOTE: http://www.openwall.com/lists/oss-security/2017/06/02/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/06/02/7
 	NOTE: https://www.sudo.ws/repos/sudo/raw-rev/15a46f4007dd
 CVE-2017-1000367 (Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an inpu ...)
 	{DSA-3867-1 DLA-970-1}
@@ -27667,7 +27667,7 @@ CVE-2017-1000367 (Todd Miller's sudo version 1.8.20 and earlier is vulnerable to
 	[buster] - sudo 1.8.19p1-2
 	[stretch] - sudo 1.8.19p1-2
 	NOTE: https://www.sudo.ws/alerts/linux_tty.html
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/30/16
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/30/16
 	NOTE: https://www.sudo.ws/repos/sudo/raw-rev/b5460cbbb11b
 CVE-2017-9310 (QEMU (aka Quick Emulator), when built with the e1000e NIC emulation su ...)
 	{DSA-3920-1}
@@ -28162,7 +28162,7 @@ CVE-2017-9210 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial
 	[stretch] - qpdf <no-dsa> (Minor issue)
 	[jessie] - qpdf <no-dsa> (Minor issue)
 	[wheezy] - qpdf <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/23/10
 	NOTE: https://github.com/qpdf/qpdf/issues/101
 CVE-2017-9209 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of s ...)
 	[experimental] - qpdf 7.0~b1-1
@@ -28170,7 +28170,7 @@ CVE-2017-9209 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial
 	[stretch] - qpdf <no-dsa> (Minor issue)
 	[jessie] - qpdf <no-dsa> (Minor issue)
 	[wheezy] - qpdf <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/23/10
 	NOTE: https://github.com/qpdf/qpdf/issues/100
 CVE-2017-9208 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of s ...)
 	[experimental] - qpdf 7.0~b1-1
@@ -28178,7 +28178,7 @@ CVE-2017-9208 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial
 	[stretch] - qpdf <no-dsa> (Minor issue)
 	[jessie] - qpdf <no-dsa> (Minor issue)
 	[wheezy] - qpdf <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/23/10
 	NOTE: https://github.com/qpdf/qpdf/issues/99
 CVE-2017-9207 (The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener ...)
 	NOT-FOR-US: ImageWorsener
@@ -28198,7 +28198,7 @@ CVE-2017-9148 (The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x be
 	{DLA-977-1}
 	- freeradius 3.0.12+dfsg-5 (bug #863673)
 	[jessie] - freeradius <not-affected> (Only affects 2.1.1 to 2.1.7 and 3.0 to 3.0.13)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/29/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/29/1
 	NOTE: http://freeradius.org/security.html#session-resumption-2017
 	NOTE: https://anonscm.debian.org/cgit/pkg-freeradius/freeradius.git/commit/?id=8d681449aa95ee4388b5e3c266bdb070a264f563
 CVE-2017-9147 (LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in ti ...)
@@ -28340,7 +28340,7 @@ CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress fun
 	- openexr 2.2.0-11.1 (bug #864078)
 	[stretch] - openexr <no-dsa> (Minor issue)
 	[jessie] - openexr <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
 	NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator functio ...)
 	- openexr <unfixed> (bug #873885)
@@ -28348,7 +28348,7 @@ CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator fu
 	[stretch] - openexr <no-dsa> (Minor issue)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	[wheezy] - openexr <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
 	NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in  ...)
 	- openexr <unfixed> (bug #873885)
@@ -28356,7 +28356,7 @@ CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill functio
 	[stretch] - openexr <no-dsa> (Minor issue)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	[wheezy] - openexr <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
 	NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...)
 	- openexr <unfixed> (low; bug #873885)
@@ -28364,14 +28364,14 @@ CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadP
 	[stretch] - openexr <no-dsa> (Minor issue)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	[wheezy] - openexr <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
 	NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ...)
 	{DLA-1083-1}
 	- openexr 2.2.0-11.1 (bug #864078)
 	[stretch] - openexr <no-dsa> (Minor issue)
 	[jessie] - openexr <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
 	NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function  ...)
 	- openexr <unfixed> (bug #873885)
@@ -28379,14 +28379,14 @@ CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE func
 	[stretch] - openexr <no-dsa> (Minor issue)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	[wheezy] - openexr <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
 	NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9110 (In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function  ...)
 	{DLA-1083-1}
 	- openexr 2.2.0-11.1 (bug #864078)
 	[stretch] - openexr <no-dsa> (Minor issue)
 	[jessie] - openexr <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
 	NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9109 (An issue was discovered in adns before 1.5.2. It fails to ignore appar ...)
 	- adns 1.6.0-2 (unimportant)
@@ -28561,25 +28561,25 @@ CVE-2017-9050 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based
 	{DSA-3952-1 DLA-1008-1}
 	- libxml2 2.9.4+dfsg1-3.1 (bug #863018)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not public)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/15/1
 	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
 CVE-2017-9049 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buff ...)
 	{DSA-3952-1 DLA-1008-1}
 	- libxml2 2.9.4+dfsg1-3.1 (bug #863019)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not public)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/15/1
 	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
 CVE-2017-9048 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buf ...)
 	{DSA-3952-1 DLA-1008-1}
 	- libxml2 2.9.4+dfsg1-3.1 (bug #863021)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not public)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/15/1
 	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74
 CVE-2017-9047 (A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g074180 ...)
 	{DSA-3952-1 DLA-1008-1}
 	- libxml2 2.9.4+dfsg1-3.1 (bug #863022)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781333 (not public)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/15/1
 	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74
 CVE-2017-9046 (winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code e ...)
 	NOT-FOR-US: Pegasus Mail
@@ -29102,7 +29102,7 @@ CVE-2017-8850 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices.
 CVE-2017-8849 (smb4k before 2.0.1 allows local users to gain root privileges by lever ...)
 	{DSA-3951-1 DLA-1002-1}
 	- smb4k 1.2.1-2 (bug #862505)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/3
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/3
 	NOTE: https://www.kde.org/info/security/advisory-20170510-2.txt
 	NOTE: https://github.com/stealth/plasmapulsar
 	NOTE: smb4k 2.0.0: https://commits.kde.org/smb4k/a90289b0962663bc1d247bbbd31b9e65b2ca000e
@@ -29301,7 +29301,7 @@ CVE-2017-8806 (The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster
 	- postgresql-common 188
 CVE-2017-8805 (Debian ftpsync before 20171017 does not use the rsync --safe-links opt ...)
 	- archvsync 20171017
-	NOTE: http://www.openwall.com/lists/oss-security/2017/10/17/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/10/17/2
 	NOTE: https://anonscm.debian.org/cgit/mirror/archvsync.git/commit/?id=d1ca2ab2210990b6dfb664cd6776a41b71c48016
 CVE-2017-1000041
 	REJECTED
@@ -29317,7 +29317,7 @@ CVE-2017-8804 (The xdr_bytes and xdr_string functions in the GNU C Library (aka
 	NOTE: This is not a vulnerability in glibc, but a bug in the application, see
 	NOTE: https://sourceware.org/ml/libc-alpha/2017-05/msg00128.html and
 	NOTE: https://sourceware.org/ml/libc-alpha/2017-05/msg00129.html
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/05/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/05/2
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21461
 CVE-2017-8803 (Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow use ...)
 	NOT-FOR-US: Notepad++
@@ -29394,7 +29394,7 @@ CVE-2017-8779 (rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc throug
 	- rpcbind 0.2.3-0.6 (bug #861835)
 	- libtirpc 0.2.5-1.2 (bug #861834)
 	- ntirpc 1.4.4-1 (bug #861836)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/04/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/04/1
 	NOTE: https://github.com/guidovranken/rpcbomb/
 CVE-2017-8776 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...)
 	NOT-FOR-US: Quick Heal Internet Security
@@ -30116,7 +30116,7 @@ CVE-2017-8422 (KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local user
 	{DSA-3849-1 DLA-952-1}
 	- kauth 5.28.0-2
 	- kde4libs 4:4.14.26-2
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/3
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/3
 	NOTE: patch for kauth: https://github.com/KDE/kauth/commit/df875f725293af53399f5146362eb158b4f9216a
 	NOTE: patch for kde4libs: https://github.com/KDE/kdelibs/commit/264e97625abe2e0334f97de17f6ffb52582888ab
 	NOTE: https://www.kde.org/info/security/advisory-20170510-1.txt
@@ -30556,7 +30556,7 @@ CVE-2017-8296 (kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that
 	[jessie] - kedpm 1.0+deb8u1
 	NOTE: patch in BTS gives workaround to always prompt for password and do not save
 	NOTE: to database.
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/9
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/25/9
 CVE-2017-8295 (WordPress through 4.7.4 relies on the Host HTTP header for a password- ...)
 	{DSA-3870-1 DLA-975-1}
 	- wordpress 4.7.5+dfsg-2 (bug #862053)
@@ -30588,7 +30588,7 @@ CVE-2017-8305 (The UDFclient (before 0.8.8) custom strlcpy implementation has a
 	- udfclient 0.8.8-1 (bug #861347)
 CVE-2017-8301 (LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_ ...)
 	- libressl <itp> (bug #754513)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/27/11
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/27/11
 CVE-2017-8291 (Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remot ...)
 	{DSA-3838-1 DLA-932-1}
 	- ghostscript 9.20~dfsg-3.1 (bug #861295)
@@ -30728,7 +30728,7 @@ CVE-2017-8226 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default c
 	NOT-FOR-US: Amcrest
 CVE-2017-8283 (dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU pat ...)
 	- dpkg 1.18.24 (unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/20/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/20/2
 CVE-2017-8225 (On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (con ...)
 	NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices
 CVE-2017-8224 (Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account  ...)
@@ -31595,13 +31595,13 @@ CVE-2017-7890 (The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c
 	NOTE: https://github.com/libgd/libgd/commit/c613bc169802bb4b639ee2e15c61b25b80a88424
 CVE-2017-7888 (Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which  ...)
 	- dolibarr 5.0.4+dfsg3-1 (bug #863544)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/6
 CVE-2017-7887 (Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall p ...)
 	- dolibarr 5.0.4+dfsg3-1 (bug #863544)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/6
 CVE-2017-7886 (Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css. ...)
 	- dolibarr 5.0.4+dfsg3-1 (bug #863544)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/6
 CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to den ...)
 	{DSA-3855-1 DLA-942-1}
 	- jbig2dec 0.13-4.1 (bug #860460)
@@ -32407,7 +32407,7 @@ CVE-2017-7693 (Directory traversal vulnerability in viewer_script.jsp in Riverbe
 CVE-2017-7692 (SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allo ...)
 	{DSA-3852-1 DLA-941-1}
 	- squirrelmail <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/19/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/19/6
 	NOTE: https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html
 CVE-2017-7691 (A code injection vulnerability exists in SAP TREX / Business Warehouse ...)
 	NOT-FOR-US: SAP TREX
@@ -32503,7 +32503,7 @@ CVE-2017-7659 (A maliciously constructed HTTP/2 request could cause mod_http2 in
 	[jessie] - apache2 <not-affected> (Vulnerable code not present)
 	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
 	NOTE: HTTP/2 support introduced in 2.4.17
-	NOTE: http://www.openwall.com/lists/oss-security/2017/06/19/5
+	NOTE: https://www.openwall.com/lists/oss-security/2017/06/19/5
 CVE-2017-7658 (In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP ...)
 	{DSA-4278-1}
 	- jetty <removed>
@@ -32642,7 +32642,7 @@ CVE-2017-7616 (Incorrect error handling in the set_mempolicy and mbind compat sy
 CVE-2017-7615 (MantisBT through 2.3.0 allows arbitrary password reset and unauthentic ...)
 	- mantis <removed>
 	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/16/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/16/2
 CVE-2017-7614 (elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
 	- binutils 2.28-4 (low; bug #859989)
 	[jessie] - binutils <ignored> (Minor issue)
@@ -32840,7 +32840,7 @@ CVE-2017-7572 (The _checkPolkitPrivilege function in serviceHelper.py in Back In
 	- backintime 1.1.12-2 (bug #859815)
 	[jessie] - backintime <no-dsa> (Minor issue)
 	[wheezy] - backintime <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/07/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/07/2
 	NOTE: https://github.com/bit-team/backintime/commit/7f208dc547f569b689c888103e3b593a48cd1869
 CVE-2017-7571 (public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtai ...)
 	NOT-FOR-US: Faveo
@@ -32863,7 +32863,7 @@ CVE-2017-7563 (In ARM Trusted Firmware 1.3, RO memory is always executable at AA
 CVE-2017-7578 (Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allo ...)
 	{DLA-890-1}
 	- ming <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/07/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/07/1
 	NOTE: https://github.com/libming/libming/issues/68
 CVE-2017-7562 (An authentication bypass flaw was found in the way krb5's certauth int ...)
 	- krb5 <not-affected> (Vulnerable code introduced later, cf. #873281)
@@ -33002,7 +33002,7 @@ CVE-2017-7533 (Race condition in the fsnotify implementation in the Linux kernel
 	{DSA-3945-1 DSA-3927-1}
 	- linux 4.12.6-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/03/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/08/03/2
 	NOTE: Fixed by: https://git.kernel.org/linus/49d31c2f389acfe83417083e1208422b4091cd9 (v4.13-rc1)
 CVE-2017-7532 (In Moodle 3.x, course creators are able to change system default setti ...)
 	- moodle <removed>
@@ -33060,7 +33060,7 @@ CVE-2017-7522 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to
 	[wheezy] - openvpn <not-affected> (x509-track implemented in 2.4.0)
 	NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/426392940c
 	NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
-	NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/6
 	NOTE: In Debian openvpn is compiled against OpenSSL, thus even affected
 	NOTE: code present.
 CVE-2017-7521 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remo ...)
@@ -33074,7 +33074,7 @@ CVE-2017-7521 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to
 	NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/84e1775961de1c9d2ab32159fc03f758591f5238
 	NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/1dde0cd6e5e6a0f2f45ec9969b7ff1b6537514ad
 	NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
-	NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/6
 CVE-2017-7520 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to deni ...)
 	{DSA-3900-1 DLA-999-1}
 	- openvpn 2.4.3-1 (bug #865480)
@@ -33082,7 +33082,7 @@ CVE-2017-7520 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to
 	NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/043fe327878eba75efa13794c9845f85c3c629f2
 	NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/f38a4a105979b87ebebe9be1c3d323116d3fb924
 	NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
-	NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/6
 CVE-2017-7519 (In Ceph, a format string flaw was found in the way libradosstriper par ...)
 	{DSA-4339-1}
 	- ceph 12.2.8+dfsg1-1 (bug #864535)
@@ -33092,7 +33092,7 @@ CVE-2017-7518 (A flaw was found in the Linux kernel before version 4.12 in the w
 	{DSA-3981-1}
 	- linux 4.11.11-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/06/23/5
+	NOTE: https://www.openwall.com/lists/oss-security/2017/06/23/5
 	NOTE: https://www.spinics.net/lists/kvm/msg151817.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464473
 	NOTE: Fixed by: https://git.kernel.org/linus/c8401dda2f0a00cd25c0af6a95ed50e478d25de4
@@ -33126,7 +33126,7 @@ CVE-2017-7508 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to
 	{DSA-3900-1}
 	- openvpn 2.4.3-1 (bug #865480)
 	[wheezy] - openvpn <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/6
 	NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
 	NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/c3f47077a7756de5929094569421a95aa66f2022
 	NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/ed28cde3d8bf3f1459b2f42f0e27d64801009f92
@@ -33236,7 +33236,7 @@ CVE-2017-7483 (Rxvt 2.7.10 is vulnerable to a denial of service attack by passin
 	[stretch] - rxvt <no-dsa> (Minor issue)
 	[jessie] - rxvt <no-dsa> (Minor issue)
 	[wheezy] - rxvt <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/05/01/15
+	NOTE: https://www.openwall.com/lists/oss-security/2017/05/01/15
 CVE-2017-7482 (In the Linux kernel before version 4.12, Kerberos 5 tickets decoded wh ...)
 	{DSA-3945-1 DSA-3927-1 DLA-1099-1}
 	- linux 4.11.11-1
@@ -33252,7 +33252,7 @@ CVE-2017-7480 (rkhunter versions before 1.4.4 are vulnerable to file download ov
 	- rkhunter 1.4.4-1 (bug #866677)
 	[stretch] - rkhunter 1.4.2-6+deb9u1
 	[jessie] - rkhunter 1.4.2-0.4+deb8u1
-	NOTE: http://www.openwall.com/lists/oss-security/2017/06/29/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/06/29/2
 	NOTE: http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/rkhunter?r1=1.549&r2=1.550&view=patch
 CVE-2017-7479 (OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reac ...)
 	{DLA-944-1}
@@ -33277,7 +33277,7 @@ CVE-2017-7477 (Heap-based buffer overflow in drivers/net/macsec.c in the MACsec
 	- linux 4.9.25-1
 	[jessie] - linux <not-affected> (Introduced in 4.6)
 	[wheezy] - linux <not-affected> (Introduced in 4.6)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/25/4
 	NOTE: Fixed by: https://git.kernel.org/linus/4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee
 	NOTE: Fixed by: https://git.kernel.org/linus/5294b83086cc1c35b4efeca03644cf9d12282e5b
 CVE-2017-7476 (Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ  ...)
@@ -33326,7 +33326,7 @@ CVE-2017-7467 (A buffer overflow flaw was found in the way minicom before versio
 	{DLA-914-1}
 	- minicom 2.7-1.1 (bug #860940)
 	[jessie] - minicom 2.7-1+deb8u1
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/5
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/18/5
 CVE-2017-7466 (Ansible before version 2.3 has an input validation vulnerability in th ...)
 	- ansible 2.2.1.0-2
 	[jessie] - ansible <not-affected> (Vulnerable code not present)
@@ -33542,41 +33542,41 @@ CVE-2017-7383 (The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote
 	{DLA-968-1}
 	- libpodofo 0.9.4-6 (bug #859329)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/3
 	NOTE: https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
 CVE-2017-7382 (The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attac ...)
 	{DLA-968-1}
 	- libpodofo 0.9.4-6 (bug #859329)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/3
 	NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
 CVE-2017-7381 (The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attacker ...)
 	{DLA-968-1}
 	- libpodofo 0.9.4-6 (bug #859329)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/3
 	NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr2
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
 CVE-2017-7380 (The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attacker ...)
 	{DLA-968-1}
 	- libpodofo 0.9.4-6 (bug #859329)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/3
 	NOTE: https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
 CVE-2017-7379 (The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncodi ...)
 	{DLA-929-1}
 	- libpodofo 0.9.4-5 (bug #859331)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/2
 	NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1842/
 CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoF ...)
 	{DLA-968-1}
 	- libpodofo 0.9.4-6 (bug #859330)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/1
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1847
 CVE-2017-7377 (The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in  ...)
 	{DLA-1497-1 DLA-1035-1 DLA-965-1}
@@ -33584,7 +33584,7 @@ CVE-2017-7377 (The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg05449.html
 	NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/03/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/03/2
 	NOTE: For older releases affected code is in hw/9pfs/virtio-9p.c
 CVE-2017-7376 (Buffer overflow in libxml2 allows remote attackers to execute arbitrar ...)
 	{DSA-3952-1 DLA-1060-1}
@@ -33743,7 +33743,7 @@ CVE-2017-7310 (A buffer overflow vulnerability in Import Command in SyncBreeze b
 CVE-2017-7309 (A cross-site scripting (XSS) vulnerability in the MantisBT Configurati ...)
 	- mantis <removed>
 	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/30/4
 CVE-2017-7307 (Riverbed RiOS before 9.0.1 does not properly restrict shell access in  ...)
 	NOT-FOR-US: Riverbed RiOS
 CVE-2017-7306 (** DISPUTED ** Riverbed RiOS through 9.6.0 has a weak default password ...)
@@ -33973,7 +33973,7 @@ CVE-2017-7242 (Multiple Cross-Site Scripting (XSS) were discovered in admin/modu
 CVE-2017-7241 (A cross-site scripting (XSS) vulnerability in the MantisBT Move Attach ...)
 	- mantis <removed>
 	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/30/4
 CVE-2017-7240 (An issue was discovered on Miele Professional PST10 devices. The corre ...)
 	NOT-FOR-US: Miele Professional PG 8528 PST10 devices
 CVE-2017-7239 (Ninka before 1.3.2 might allow remote attackers to obtain sensitive in ...)
@@ -34726,7 +34726,7 @@ CVE-2017-6974 (An issue was discovered in certain Apple products. macOS before 1
 CVE-2017-6973 (A cross-site scripting (XSS) vulnerability in the MantisBT Configurati ...)
 	- mantis <removed>
 	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/30/4
 CVE-2017-6972 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an e ...)
 	NOT-FOR-US: AlienVault
 CVE-2017-6971 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow rem ...)
@@ -34751,7 +34751,7 @@ CVE-2017-6967 (xrdp 0.9.1 calls the PAM function auth_start_session() in an inco
 	NOTE: https://github.com/neutrinolabs/xrdp/issues/350
 	NOTE: First attempt: https://github.com/neutrinolabs/xrdp/pull/694
 	NOTE: Followed by: https://github.com/neutrinolabs/xrdp/pull/696
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/18/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/18/1
 	NOTE: https://github.com/neutrinolabs/xrdp/pull/696/commits/44129acd210c803fc8bbcfaf1b0db05e5bb4034f
 CVE-2017-6966 (readelf in GNU Binutils 2.28 has a use-after-free (specifically read-a ...)
 	- binutils 2.28-3 (bug #858263)
@@ -36142,7 +36142,7 @@ CVE-2017-6849 (The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp
 	[stretch] - libpodofo <no-dsa> (Minor issue)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/10
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/10
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp
 	NOTE: https://sourceforge.net/p/podofo/tickets/8/
 	NOTE: Same fix as for CVE-2017-6845
@@ -36151,14 +36151,14 @@ CVE-2017-6848 (The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in
 	- libpodofo 0.9.4-6 (bug #861565)
 	[stretch] - libpodofo <no-dsa> (Minor issue)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/9
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/9
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfxobjectpdfxobject-pdfxobject-cpp
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
 CVE-2017-6847 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...)
 	{DLA-968-1}
 	- libpodofo 0.9.4-6 (bug #861564)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/8
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/8
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
 CVE-2017-6846 (The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace fun ...)
@@ -36166,7 +36166,7 @@ CVE-2017-6846 (The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpac
 	[stretch] - libpodofo <no-dsa> (Minor issue)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/7
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementsetnonstrokingcolorspace-graphicsstack-h/
 	NOTE: https://sourceforge.net/p/podofo/tickets/9/
 	NOTE: Same fix as for CVE-2017-6845
@@ -36178,21 +36178,21 @@ CVE-2017-6845 (The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo
 	NOTE: The motivation for no-dsa in wheezy is that there are no known
 	NOTE: services that use this library (apart from desktop applications)
 	NOTE: and the worst case is a DoS.
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/6
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp
 	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1892
 CVE-2017-6844 (Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function  ...)
 	{DLA-929-1}
 	- libpodofo 0.9.4-5 (bug #861561)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/5
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/5
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
 	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/
 CVE-2017-6843 (Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad func ...)
 	{DLA-968-1}
 	- libpodofo 0.9.4-6 (bug #861560)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/4
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
@@ -36200,7 +36200,7 @@ CVE-2017-6842 (The ColorChanger::GetColorFromStack function in colorchanger.cpp
 	{DLA-968-1}
 	- libpodofo 0.9.4-6 (bug #861559)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/3
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/3
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-colorchangergetcolorfromstack-colorchanger-cpp
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
@@ -36209,7 +36209,7 @@ CVE-2017-6841 (The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement
 	[stretch] - libpodofo <no-dsa> (Minor issue)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
 	[wheezy] - libpodofo <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/2
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h
 	NOTE: https://sourceforge.net/p/podofo/tickets/10/
 	NOTE: Same fix as for CVE-2017-6845
@@ -36217,7 +36217,7 @@ CVE-2017-6840 (The ColorChanger::GetColorFromStack function in colorchanger.cpp
 	{DLA-968-1}
 	- libpodofo 0.9.4-6 (bug #861557)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/1
 	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-invalid-memory-read-in-colorchangergetcolorfromstack-colorchanger-cpp
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
 	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
@@ -36600,55 +36600,55 @@ CVE-2017-6306 (An issue was discovered in ytnef before 1.9.1. This is related to
 	- libytnef 1.9.1-1
 	[wheezy] - libytnef <not-affected> (vulnerable code not present)
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
 	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6305 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
 	{DSA-3846-1 DLA-878-1}
 	- libytnef 1.9.1-1
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
 	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6304 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
 	{DSA-3846-1 DLA-878-1}
 	- libytnef 1.9.1-1
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
 	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6303 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
 	{DSA-3846-1 DLA-878-1}
 	- libytnef 1.9.1-1
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
 	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6302 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
 	{DSA-3846-1 DLA-878-1}
 	- libytnef 1.9.1-1
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
 	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6301 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
 	{DSA-3846-1 DLA-878-1}
 	- libytnef 1.9.1-1
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
 	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6300 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
 	{DSA-3846-1 DLA-878-1}
 	- libytnef 1.9.1-1
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
 	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6299 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
 	{DSA-3846-1 DLA-878-1}
 	- libytnef 1.9.1-1
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
 	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6298 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
 	{DSA-3846-1 DLA-878-1}
 	- libytnef 1.9.1-1
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
 	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6297 (The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does n ...)
 	NOT-FOR-US: MikroTik RouterOS
@@ -37205,7 +37205,7 @@ CVE-2017-6060 (Stack-based buffer overflow in jstest_main.c in mujstest in Artif
 	[wheezy] - mupdf <not-affected> (Vulnerable code not present)
 	NOTE: Although jstest_main.c compiled during build and mujstest is created
 	NOTE: it is not included in the produced binary packages
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/18/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/18/1
 CVE-2017-6058 (Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU ( ...)
 	- qemu 1:2.8+dfsg-3 (bug #855616)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
@@ -37476,7 +37476,7 @@ CVE-2017-5973 (The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Qu
 	- qemu 1:2.8+dfsg-3 (bug #855611)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/13/11
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/13/11
 CVE-2017-5972 (The TCP stack in the Linux kernel 3.x does not properly implement a SY ...)
 	- linux 4.4.2-1
 	[jessie] - linux <ignored> (Known perfomance limitation)
@@ -37493,7 +37493,7 @@ CVE-2017-5969 (** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows r
 	[stretch] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
 	[jessie] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
 	[wheezy] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/05/3
+	NOTE: https://www.openwall.com/lists/oss-security/2016/11/05/3
 	NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=778519
 	NOTE: Duplicate upstream bug (contains patch): https://bugzilla.gnome.org/show_bug.cgi?id=758422
 	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882
@@ -37527,7 +37527,7 @@ CVE-2017-5956 (The vrend_draw_vbo function in virglrenderer before 0.6.0 allows
 	- virglrenderer 0.6.0-1 (bug #858255)
 	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=a5ac49940c40ae415eac0cf912eac7070b4ba95d (0.6.0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421073
-	NOTE: The original fix opens a memory leak: http://www.openwall.com/lists/oss-security/2017/02/24/2
+	NOTE: The original fix opens a memory leak: https://www.openwall.com/lists/oss-security/2017/02/24/2
 	NOTE: Additional patch required: https://bugzilla.suse.com/attachment.cgi?id=715395
 CVE-2017-5955
 	RESERVED
@@ -37608,12 +37608,12 @@ CVE-2017-5931 (Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/8
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/07/8
 CVE-2017-5930 (The AliasHandler component in PostfixAdmin before 3.0.2 allows remote  ...)
 	- postfixadmin 3.0.2-1 (bug #854742)
 	[jessie] - postfixadmin <not-affected> (Vulnerable code not present)
 	[wheezy] - postfixadmin <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/07/6
 CVE-2017-5929 (QOS.ch Logback before 1.2.0 has a serialization vulnerability affectin ...)
 	{DLA-888-1}
 	- logback 1:1.1.9-3 (bug #857343)
@@ -37692,7 +37692,7 @@ CVE-2017-5896 (Heap-based buffer overflow in the fz_subsample_pixmap function in
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515
 	NOTE: Fix https://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
 	NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/10/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/10/1
 CVE-2017-5895
 	RESERVED
 CVE-2017-5894
@@ -37751,13 +37751,13 @@ CVE-2017-5878 (The AMF unmarshallers in Red5 Media Server before 1.0.8 do not re
 CVE-2017-5938 (Cross-site scripting (XSS) vulnerability in the nav_path function in l ...)
 	{DSA-3784-1 DLA-820-1}
 	- viewvc 1.1.26-1 (bug #854681)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/08/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/08/7
 	NOTE: https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad
 CVE-2017-5992 (Openpyxl 2.4.1 resolves external entities by default, which allows rem ...)
 	- openpyxl 2.3.0-3 (bug #854442)
 	[jessie] - openpyxl <not-affected> (vulnerable code not present)
 	[wheezy] - openpyxl <not-affected> (vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/5
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/07/5
 	NOTE: https://bitbucket.org/openpyxl/openpyxl/issues/749
 	NOTE: https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1
 CVE-2017-6059 (Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication  ...)
@@ -37773,11 +37773,11 @@ CVE-2017-XXXX [irssi memory leak]
 	[jessie] - irssi <not-affected> (support for sasl not present)
 	[wheezy] - irssi <not-affected> (support for sasl not present)
 	NOTE: Patch: https://github.com/irssi/irssi/commit/19c51789967a2f63da033e60f6ef08848b9cd144
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/02/05/8
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2017/02/05/8
 CVE-2017-XXXX [irssi missing null terminator]
 	- irssi 1.0.1-1 (unimportant)
 	NOTE: Patch: https://github.com/irssi/irssi/pull/619/commits/677fb1f55ca52d0e43c93f7d8361d333ff5bffd6
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/02/05/8
+	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2017/02/05/8
 CVE-2017-5886 (Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken f ...)
 	{DLA-929-1}
 	- libpodofo 0.9.4-5 (bug #854604)
@@ -37830,17 +37830,17 @@ CVE-2017-5836 (The plist_free_data function in plist.c in libplist allows attack
 	[jessie] - libplist <no-dsa> (Minor issue)
 	[wheezy] - libplist <no-dsa> (pointers are not incorrectly freed and non-string key nodes are officially allowed)
 	NOTE: https://github.com/libimobiledevice/libplist/issues/86
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/6
 CVE-2017-5835 (libplist allows attackers to cause a denial of service (large memory a ...)
 	{DLA-2168-1 DLA-840-1}
 	- libplist 1.12+git+1+e37ca00-0.1 (bug #854000)
 	NOTE: https://github.com/libimobiledevice/libplist/issues/88
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/6
 CVE-2017-5834 (The parse_dict_node function in bplist.c in libplist allows attackers  ...)
 	{DLA-2168-1 DLA-840-1}
 	- libplist 1.12+git+1+e37ca00-0.1 (bug #854000)
 	NOTE: https://github.com/libimobiledevice/libplist/issues/89
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/6
 CVE-2017-5829 (An access restriction bypass vulnerability in HPE Aruba ClearPass Poli ...)
 	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
 CVE-2017-5828 (An arbitrary command execution vulnerability in HPE Aruba ClearPass Po ...)
@@ -38223,75 +38223,75 @@ CVE-2017-5848 (The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux
 	{DSA-3818-1 DLA-2164-1 DLA-830-1}
 	- gst-plugins-bad1.0 1.10.4-1 (low)
 	- gst-plugins-bad0.10 <unfixed> (low)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777957
 	NOTE: Patch: https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3
 CVE-2017-5847 (The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gs ...)
 	{DSA-3821-1 DLA-2226-1 DLA-829-1}
 	- gst-plugins-ugly1.0 1.10.4-1 (low)
 	- gst-plugins-ugly0.10 <removed> (low)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777955
 	NOTE: https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
 CVE-2017-5846 (The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gs ...)
 	{DSA-3821-1 DLA-2226-1 DLA-829-1}
 	- gst-plugins-ugly1.0 1.10.3-1 (low)
 	- gst-plugins-ugly0.10 <removed> (low)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777937
 CVE-2017-5845 (The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst- ...)
 	{DSA-3820-1}
 	- gst-plugins-good1.0 1.10.3-1 (low)
 	- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777532
 CVE-2017-5844 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...)
 	{DSA-3819-1 DLA-2126-1 DLA-827-1}
 	- gst-plugins-base1.0 1.10.3-1 (low)
 	- gst-plugins-base0.10 <removed> (low)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777525
 CVE-2017-5843 (Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unr ...)
 	{DSA-3818-1 DLA-2164-1 DLA-830-1}
 	- gst-plugins-bad1.0 1.10.3-1
 	- gst-plugins-bad0.10 <unfixed> (low)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777503
 CVE-2017-5842 (The html_context_handle_element function in gst/subparse/samiparse.c i ...)
 	{DSA-3819-1}
 	- gst-plugins-base1.0 1.10.3-1
 	- gst-plugins-base0.10 <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777502
 CVE-2017-5841 (The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst- ...)
 	{DSA-3820-1}
 	- gst-plugins-good1.0 1.10.3-1 (low)
 	- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777500
 CVE-2017-5840 (The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plug ...)
 	{DSA-3820-1 DLA-2225-1 DLA-828-1}
 	- gst-plugins-good1.0 1.10.3-1 (low)
 	- gst-plugins-good0.10 <removed> (low)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777469
 CVE-2017-5839 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...)
 	{DSA-3819-1}
 	- gst-plugins-base1.0 1.10.3-1
 	- gst-plugins-base0.10 <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777265
 CVE-2017-5838 (The gst_date_time_new_from_iso8601_string function in gst/gstdatetime. ...)
 	{DSA-3822-1}
 	- gstreamer1.0 1.10.3-1 (low)
 	- gstreamer0.10 <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777263
 CVE-2017-5837 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...)
 	{DSA-3819-1 DLA-2126-1 DLA-827-1}
 	- gst-plugins-base1.0 1.10.3-1 (low)
 	- gst-plugins-base0.10 <removed> (low)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777262
 CVE-2017-5851 (The free_options function in options_manager.c in mp3splt 2.6.2 allows ...)
 	- mp3splt <unfixed> (unimportant)
@@ -38314,14 +38314,14 @@ CVE-2017-5857 (Memory leak in the virgl_cmd_resource_unref function in hw/displa
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg04615.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418382
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/21
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/21
 CVE-2017-5856 (Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c i ...)
 	{DLA-1497-1}
 	- qemu 1:2.8+dfsg-3 (bug #853996)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/19
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/19
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=765a707000e838c30b18d712fe6cb3dd8e0435f3
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418342
 CVE-2017-5855 (The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in ...)
@@ -38362,7 +38362,7 @@ CVE-2017-5852 (The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/P
 	NOTE: further patch for ABI compatibility: https://sourceforge.net/p/podofo/mailman/message/36084628/
 CVE-2017-5849 (tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRG ...)
 	- netpbm-free <not-affected> (vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/02/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/02/2
 	NOTE: Debian uses an unaffected fork:
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2654#c8
 CVE-2017-5850 (httpd in OpenBSD allows remote attackers to cause a denial of service  ...)
@@ -38422,14 +38422,14 @@ CVE-2017-5663 (In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-
 CVE-2017-5662 (In Apache Batik before 1.9, files lying on the filesystem of the serve ...)
 	{DSA-4215-1 DLA-926-1}
 	- batik 1.9-1 (bug #860566)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/18/1
 	NOTE: Upstream bug: https://issues.apache.org/jira/browse/BATIK-1139
 	NOTE: Fixed by: http://svn.apache.org/r1743326
 	NOTE: Similar issue to CVE-2015-0250
 CVE-2017-5661 (In Apache FOP before 2.2, files lying on the filesystem of the server  ...)
 	{DSA-3864-1 DLA-927-1}
 	- fop 1:2.1-6 (bug #860567)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/18/2
 	NOTE: Upstream bug: https://issues.apache.org/jira/browse/FOP-2668
 	NOTE: Fixed by: http://svn.apache.org/r1769967
 	NOTE: Fixed by: http://svn.apache.org/r1769968 (fix for Java 6)
@@ -38464,13 +38464,13 @@ CVE-2017-5651 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the r
 	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
 	- tomcat8 8.5.11-2 (bug #860071)
 	[jessie] - tomcat8 <not-affected> (Only affects 8.5 and later)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/21
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/10/21
 	NOTE: Fixed by: http://svn.apache.org/r1788546 (8.5.x)
 CVE-2017-5650 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handli ...)
 	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
 	- tomcat8 8.5.11-2 (bug #860070)
 	[jessie] - tomcat8 <not-affected> (Only affects 8.5 and later)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/22
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/10/22
 	NOTE: Fixed by: http://svn.apache.org/r1788480 (8.5.x)
 CVE-2017-5649 (Apache Geode before 1.1.1, when a cluster has enabled security by sett ...)
 	NOT-FOR-US: Apache Geode
@@ -38481,7 +38481,7 @@ CVE-2017-5648 (While investigating bug 60718, it was noticed that some calls to
 	- tomcat7 7.0.72-3
 	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
 	- tomcat6 <not-affected> (Only affects 7.0 an later)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/23
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/10/23
 	NOTE: Fixed by: http://svn.apache.org/r1785775 (8.5.x)
 	NOTE: Fixed by: http://svn.apache.org/r1785776 (8.0.x)
 	NOTE: Fixed by: http://svn.apache.org/r1785777 (7.0.x)
@@ -38493,7 +38493,7 @@ CVE-2017-5647 (A bug in the handling of the pipelined requests in Apache Tomcat
 	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
 	- tomcat6 6.0.41-3
 	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
-	NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/24
+	NOTE: https://www.openwall.com/lists/oss-security/2017/04/10/24
 	NOTE: Fixed by: http://svn.apache.org/r1788932 (8.5.x)
 	NOTE: Fixed by: http://svn.apache.org/r1788999 (8.0.x)
 	NOTE: Fixed by: http://svn.apache.org/r1789008 (7.0.x)
@@ -38512,7 +38512,7 @@ CVE-2017-5644 (Apache POI in versions prior to release 3.15 allows remote attack
 	[stretch] - libapache-poi-java <no-dsa> (Minor issue)
 	[jessie] - libapache-poi-java <no-dsa> (Minor issue)
 	[wheezy] - libapache-poi-java <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/20/9
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/20/9
 CVE-2017-5643 (Apache Camel's Validation Component is vulnerable against SSRF via rem ...)
 	NOT-FOR-US: Apache Camel
 CVE-2017-5642 (During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artif ...)
@@ -38594,14 +38594,14 @@ CVE-2017-5667 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1417559
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/2
 CVE-2017-5668 (bitlbee-libpurple before 3.5.1 allows remote attackers to cause a deni ...)
 	- bitlbee 3.5.1-1 (bug #853282)
 	[jessie] - bitlbee <not-affected> (Incomplete fix for CVE-2016-10189 not applied)
 	[wheezy] - bitlbee <not-affected> (Incomplete fix for CVE-2016-10189 not applied)
 	NOTE: https://bugs.bitlbee.org/ticket/1282
 	NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441 (3.5.1)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/4
 	NOTE: This CVE exists because of an incomplete fix for CVE-2016-10189
 CVE-2017-5940 (Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does no ...)
 	- firejail 0.9.44.6-1
@@ -38610,13 +38610,13 @@ CVE-2017-5940 (Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS do
 	NOTE: https://github.com/netblue30/firejail/blob/0.9.44.6/RELNOTES
 	NOTE: https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f (0.9.44.6)
 	NOTE: https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863 (0.9.44.6)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/29/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/29/4
 CVE-2017-5899 (Directory traversal vulnerability in the setuid root helper binary in  ...)
 	- s-nail 14.8.16-1 (bug #852934)
 	NOTE: https://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00551.html
 	NOTE: https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f797c27efecad45af191c518b7f87fda32ada160
 	NOTE: https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f2699449b66dd702a98925bd1b11153a6f7294bf
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/7
 CVE-2017-5628 (An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10 ...)
 	NOT-FOR-US: MuJS
 CVE-2017-5627 (An issue was discovered in Artifex Software, Inc. MuJS before 4006739a ...)
@@ -38625,7 +38625,7 @@ CVE-2017-5617 (The SVG Salamander (aka svgSalamander) library, when used in a we
 	{DSA-3781-1 DLA-816-1}
 	- svgsalamander 1.1.1+dfsg-2 (bug #853134)
 	NOTE: https://github.com/blackears/svgSalamander/issues/11
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/3
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/3
 CVE-2017-5608 (Cross-site scripting (XSS) vulnerability in the image upload function  ...)
 	- piwigo <removed>
 CVE-2017-5600 (The Data Warehouse component in NetApp OnCommand Insight before 7.2.3  ...)
@@ -38638,17 +38638,17 @@ CVE-2017-5612 (Cross-site scripting (XSS) vulnerability in wp-admin/includes/cla
 	{DSA-3779-1 DLA-813-1}
 	- wordpress 4.7.2+dfsg-1 (bug #852767)
 	NOTE: https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/2
 CVE-2017-5611 (SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Qu ...)
 	{DSA-3779-1 DLA-813-1}
 	- wordpress 4.7.2+dfsg-1 (bug #852767)
 	NOTE: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/2
 CVE-2017-5610 (wp-admin/includes/class-wp-press-this.php in Press This in WordPress b ...)
 	{DSA-3779-1 DLA-813-1}
 	- wordpress 4.7.2+dfsg-1 (bug #852767)
 	NOTE: https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/2
 CVE-2017-5595 (A file disclosure and inclusion vulnerability exists in web/views/file ...)
 	{DLA-1145-1}
 	- zoneminder 1.30.4+dfsg-1 (bug #854733)
@@ -38688,17 +38688,17 @@ CVE-2017-6852 (Heap-based buffer overflow in the jpc_dec_decodepkt function in j
 	[jessie] - jasper <no-dsa> (Minor issue)
 	[wheezy] - jasper <no-dsa> (Minor issue)
 	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/114
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/10
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/25/10
 	NOTE: The POC only triggers an assertion failure but an overflow cannot be observed.
 CVE-2017-6850 (The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 all ...)
 	- jasper <removed> (unimportant)
 	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/112
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/8
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/25/8
 	NOTE: Not suitable for code injection, hardly denial of service
 CVE-2017-6851 (The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows r ...)
 	- jasper <removed> (unimportant)
 	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/113
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/9
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/25/9
 	NOTE: Not suitable for code injection, hardly denial of service
 CVE-2017-5618 (GNU screen before 4.5.1 allows local users to modify arbitrary files a ...)
 	- screen 4.5.0-3 (bug #852484)
@@ -38709,7 +38709,7 @@ CVE-2017-5618 (GNU screen before 4.5.1 allows local users to modify arbitrary fi
 	NOTE: https://savannah.gnu.org/bugs/?50142
 	NOTE: Introduced in (screen-v4): http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4&id=5460f5d28c01a9a58e021eb1dffef2965e629d58
 	NOTE: Introduced in (master): http://git.savannah.gnu.org/cgit/screen.git/commit/?id=c575c40c9bd7653470639da32e06faed0a9b2ec4
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/24/10
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/24/10
 CVE-2017-5597 (In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector c ...)
 	{DSA-3811-1 DLA-858-1}
 	- wireshark 2.2.4+gcc3dc1b-1
@@ -38859,19 +38859,19 @@ CVE-2017-5527 (TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6
 CVE-2017-5616 (Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allow ...)
 	{DLA-869-1}
 	- cgiemail <removed> (bug #852031)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/20/6
 CVE-2017-5615 (cgiemail and cgiecho allow remote attackers to inject HTTP headers via ...)
 	{DLA-869-1}
 	- cgiemail <removed> (bug #852031)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/20/6
 CVE-2017-5614 (Open redirect vulnerability in cgiemail and cgiecho allows remote atta ...)
 	{DLA-869-1}
 	- cgiemail <removed> (bug #852031)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/20/6
 CVE-2017-5613 (Format string vulnerability in cgiemail and cgiecho allows remote atta ...)
 	{DLA-869-1}
 	- cgiemail <removed> (bug #852031)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/20/6
 CVE-2017-5552 (Memory leak in the virgl_resource_attach_backing function in hw/displa ...)
 	- qemu 1:2.10.0-1 (bug #852119; unimportant)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
@@ -38920,7 +38920,7 @@ CVE-2017-5524 (Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attac
 	NOT-FOR-US: Plone
 CVE-2017-5537 (The password reset form in Weblate before 2.10.1 provides different er ...)
 	- weblate <itp> (bug #745661)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/18/11
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/18/11
 CVE-2017-5526 (Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows l ...)
 	{DLA-1497-1}
 	- qemu 1:2.8+dfsg-2 (bug #851910)
@@ -39536,77 +39536,77 @@ CVE-2017-5506 (Double free vulnerability in magick/profile.c in ImageMagick allo
 	{DSA-3799-1 DLA-807-1}
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851383)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/354
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb
 CVE-2017-5507 (Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x befo ...)
 	{DSA-3799-1 DLA-807-1}
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851382)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
 CVE-2017-5508 (Heap-based buffer overflow in the PushQuantumPixel function in ImageMa ...)
 	{DSA-3799-1 DLA-807-1}
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851381)
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/379e21cd32483df6e128147af3bc4ce1f82eb9c4
 CVE-2017-5509 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...)
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851377)
 	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
 	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/350
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
 CVE-2017-5510 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...)
 	{DSA-3799-1 DLA-807-1}
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851376)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/348
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e87af64b1ff1635a32d9b6162f1b0e260fb54ed9
 CVE-2017-5511 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...)
 	{DSA-3799-1 DLA-807-1}
 	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851374)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/347
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d65a814ac76bd04760072c33e452371692ee790
 CVE-2017-5487 (wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in t ...)
 	- wordpress 4.7.1+dfsg-1 (bug #851310)
 	[jessie] - wordpress <not-affected> (vulnerable code not present)
 	[wheezy] - wordpress <not-affected> (vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
 	NOTE: https://wpvulndb.com/vulnerabilities/8715
 	NOTE: https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60
 CVE-2017-5488 (Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update ...)
 	{DSA-3779-1 DLA-813-1}
 	- wordpress 4.7.1+dfsg-1 (bug #851310)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
 	NOTE: https://wpvulndb.com/vulnerabilities/8716
 	NOTE: https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
 CVE-2017-5489 (Cross-site request forgery (CSRF) vulnerability in WordPress before 4. ...)
 	{DSA-3779-1 DLA-813-1}
 	- wordpress 4.7.1+dfsg-1 (bug #851310)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
 	NOTE: https://wpvulndb.com/vulnerabilities/8717
 CVE-2017-5490 (Cross-site scripting (XSS) vulnerability in the theme-name fallback fu ...)
 	{DSA-3779-1 DLA-813-1}
 	- wordpress 4.7.1+dfsg-1 (bug #851310)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
 	NOTE: https://wpvulndb.com/vulnerabilities/8718
 	NOTE: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
 CVE-2017-5491 (wp-mail.php in WordPress before 4.7.1 might allow remote attackers to  ...)
 	{DSA-3779-1 DLA-813-1}
 	- wordpress 4.7.1+dfsg-1 (bug #851310)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
 	NOTE: https://wpvulndb.com/vulnerabilities/8719
 	NOTE: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
 CVE-2017-5492 (Cross-site request forgery (CSRF) vulnerability in the widget-editing  ...)
 	{DSA-3779-1 DLA-813-1}
 	- wordpress 4.7.1+dfsg-1 (bug #851310)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
 	NOTE: https://wpvulndb.com/vulnerabilities/8720
 	NOTE: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
 CVE-2017-5493 (wp-includes/ms-functions.php in the Multisite WordPress API in WordPre ...)
 	{DSA-3779-1 DLA-813-1}
 	- wordpress 4.7.1+dfsg-1 (bug #851310)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
 	NOTE: https://wpvulndb.com/vulnerabilities/8721
 	NOTE: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
 CVE-2017-5356 (Irssi before 0.8.21 allows remote attackers to cause a denial of servi ...)
@@ -39650,7 +39650,7 @@ CVE-2017-5341 (The OTV parser in tcpdump before 4.9.0 has a buffer overflow in p
 	- tcpdump 4.9.0-1
 CVE-2017-5357 (regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of  ...)
 	- ed <not-affected> (Vulnerable code not present, cf #851159)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/12/5
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/12/5
 	NOTE: The issue is only present from 1.14 onwards, and prior to 1.14.1 since upstream
 	NOTE: changed a malloc'ed buffer for a static one.
 	NOTE: https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00001.html
@@ -39972,7 +39972,7 @@ CVE-2017-5207 (Firejail before 0.9.44.4, when running a bandwidth command, allow
 	- firejail 0.9.44.4-1 (bug #850528)
 	NOTE: https://github.com/netblue30/firejail/issues/1023
 	NOTE: Fixed by: https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/07/3
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/07/3
 CVE-2017-5206 (Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, a ...)
 	- firejail 0.9.44.4-1 (bug #850558)
 	NOTE: Fixed by: https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e
@@ -40018,28 +40018,28 @@ CVE-2017-5196 (Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a den
 	- irssi 0.8.21-1 (bug #850403)
 	[jessie] - irssi <not-affected> (Affects only 0.8.18 and later)
 	[wheezy] - irssi <not-affected> (Affects only 0.8.18 and later)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/2
 	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
 	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
 CVE-2017-5195 (Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial o ...)
 	- irssi 0.8.21-1 (bug #850403)
 	[jessie] - irssi 0.8.17-1+deb8u3
 	[wheezy] - irssi <not-affected> (Affects only 0.8.17 and later)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/2
 	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
 	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
 CVE-2017-5194 (Use-after-free vulnerability in Irssi before 0.8.21 allows remote atta ...)
 	{DLA-1217-1}
 	- irssi 0.8.21-1 (bug #850403)
 	[jessie] - irssi 0.8.17-1+deb8u3
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/2
 	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
 	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
 CVE-2017-5193 (The nickcmp function in Irssi before 0.8.21 allows remote attackers to ...)
 	{DLA-1217-1}
 	- irssi 0.8.21-1 (bug #850403)
 	[jessie] - irssi 0.8.17-1+deb8u3
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/2
 	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
 	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
 CVE-2017-5179 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9. ...)
@@ -40132,7 +40132,7 @@ CVE-2017-5136 (An issue was discovered on SendQuick Entera and Avera devices bef
 	NOT-FOR-US: SendQuick Entera and Avera devices
 CVE-2017-5180 (Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not ...)
 	- firejail 0.9.44.2-3 (bug #850160)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/04/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/04/1
 	NOTE: https://github.com/netblue30/firejail/issues/1020
 CVE-2017-5135 (Certain Technicolor devices have an SNMP access-control bypass, possib ...)
 	NOT-FOR-US: Technicolor
@@ -40747,19 +40747,19 @@ CVE-2017-5332 (The extract_group_icon_cursor_resource in wrestool/extract.c in i
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1249276
 	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a
 	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/10/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/10/4
 	NOTE: CVE for "all of 1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a and also the index correction in
 	NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a."
 CVE-2017-5331 (Integer overflow in the check_offset function in b/wrestool/fileread.c ...)
 	{DSA-3765-1 DLA-789-1}
 	- icoutils 0.31.1-1
 	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/10/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/10/4
 CVE-2017-5208 (Integer overflow in the wrestool program in icoutils before 0.31.1 all ...)
 	{DSA-3756-1 DLA-789-1}
 	- icoutils 0.31.0-4 (bug #850017)
 	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=0d569f458f306b88f60156d60c9cf058125cf173
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/08/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/08/1
 CVE-2017-5340 (Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandle ...)
 	- php7.1 7.1.1-1 (bug #852022)
 	- php7.0 7.0.15-1 (bug #850158)
@@ -44411,7 +44411,7 @@ CVE-2017-3305 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
 	NOTE: issue as well in 5.5 (in 5.5.49) and 5.6 (5.6.30) series resulting in
 	NOTE: opening CVE-2017-3305.
 	NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1217506#c22
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/17/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/17/4
 CVE-2017-3304 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...)
 	- mysql-cluster <itp> (bug #833356)
 CVE-2017-3303 (Vulnerability in the Oracle XML Gateway component of Oracle E-Business ...)
@@ -44427,7 +44427,7 @@ CVE-2017-3302 (Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.
 	NOTE: Fixed in Oracle MySQL 5.6.21, 5.7.5
 	NOTE: https://bugs.mysql.com/bug.php?id=70429
 	NOTE: https://bugs.mysql.com/bug.php?id=63363
-	NOTE: http://www.openwall.com/lists/oss-security/2017/01/28/1
+	NOTE: https://www.openwall.com/lists/oss-security/2017/01/28/1
 CVE-2017-3301 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
 	NOT-FOR-US: Solaris
 CVE-2017-3300 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
@@ -44887,7 +44887,7 @@ CVE-2017-3140 (If named is configured to use Response Policy Zones (RPZ) an erro
 	NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=2648c49be78568ba9f4123d22122f2a649e2e1b7
 	NOTE: Introduced by: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=aabcb1fde0ca255ff30f0a5c10cbd39f798cc5b7
 	NOTE: CVE-2017-3140 is introduced by the upstream change #4377
-	NOTE: http://www.openwall.com/lists/oss-security/2017/06/14/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/06/14/4
 CVE-2017-3139 (A denial of service flaw was found in the way BIND handled DNSSEC vali ...)
 	- bind9 <not-affected> (RHEL6 specific)
 CVE-2017-3138 (named contains a feature which allows operators to issue commands to a ...)
@@ -44904,7 +44904,7 @@ CVE-2017-3137 (Mistaken assumptions about the ordering of records in the answer
 	{DSA-3854-1 DLA-957-1}
 	- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860225)
 	NOTE: https://kb.isc.org/article/AA-01466
-	NOTE: Additional information for backporting patch: http://www.openwall.com/lists/oss-security/2017/04/17/5
+	NOTE: Additional information for backporting patch: https://www.openwall.com/lists/oss-security/2017/04/17/5
 	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=69fd759b4aa02047e42e5cf4227f8257c4547988
 	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=6841d7b854c15df9ec56cab38da201b315bbcabb (reimplentation)
 	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=7ab9e8e00775782d474522a5b2bffba8daefefa5 (regression fix)
@@ -46046,7 +46046,7 @@ CVE-2017-2671 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel t
 	{DLA-922-1}
 	- linux 4.9.25-1
 	[jessie] - linux 3.16.43-1
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/24/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/24/6
 	NOTE: Fixed by: https://git.kernel.org/linus/43a6684519ab0a6c52024b5e25322476cabad893
 CVE-2017-2670 (It was found in Undertow before 1.3.28 that with non-clean TCP close,  ...)
 	{DSA-3906-1}
@@ -46083,7 +46083,7 @@ CVE-2017-2661 (ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-s
 	- pcs 0.9.155+dfsg-2 (bug #858379)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1428948
 	NOTE: https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/23/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/23/2
 CVE-2017-2660
 	REJECTED
 CVE-2017-2659 (It was found that dropbear before version 2013.59 with GSSAPI leaks wh ...)
@@ -46151,7 +46151,7 @@ CVE-2017-2637 (A design flaw issue was found in the Red Hat OpenStack Platform d
 CVE-2017-2636 (Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.1 ...)
 	{DSA-3804-1 DLA-849-1}
 	- linux 4.9.16-1
-	NOTE: http://www.openwall.com/lists/oss-security/2017/03/07/6
+	NOTE: https://www.openwall.com/lists/oss-security/2017/03/07/6
 	NOTE: Fixed by: https://git.kernel.org/linus/82f2341c94d270421f383641b7cd670e474db56b (v4.11-rc2)
 	NOTE: https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
 CVE-2017-2635 (A NULL pointer deference flaw was found in the way libvirt from 2.5.0  ...)
@@ -46359,20 +46359,20 @@ CVE-2017-2582 (It was found that while parsing the SAML messages the StaxParserU
 CVE-2017-2581 (An out-of-bounds write vulnerability was found in netpbm before 10.61. ...)
 	- netpbm-free <undetermined> (bug #854978)
 	NOTE: Debian uses an old fork of netpbm
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/05/7
 	NOTE: PoC+report attached to #854978
 	NOTE: Similar code path seems protected by earlier stricter size checks ("object too large")
 CVE-2017-2580 (An out-of-bounds write vulnerability was found in netpbm before 10.61. ...)
 	- netpbm-free <undetermined> (bug #854978)
 	[jessie] - netpbm-free <not-affected> (pnm/giftopnm.c and bpm/libpm.c rewritten, PoC triggers clean check "Zero byte allocation" missing in later versions)
 	NOTE: Debian uses an old fork of netpbm
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/05/7
 	NOTE: PoC+report attached to #854978
 CVE-2017-2579 (An out-of-bounds read vulnerability was found in netpbm before 10.61.  ...)
 	- netpbm-free <undetermined> (bug #854978)
 	[jessie] - netpbm-free <not-affected> (pnm/giftopnm.c rewritten, PoC triggers clean application error handling)
 	NOTE: Debian uses an old fork of netpbm
-	NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/7
+	NOTE: https://www.openwall.com/lists/oss-security/2017/02/05/7
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1024288 (reproducer)
 CVE-2017-2577
 	REJECTED
@@ -49870,7 +49870,7 @@ CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a po
 	[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later)
 	- rubygems <removed>
 	[wheezy] - rubygems <not-affected> (Vulnerable code introduced later)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/10/10/2
+	NOTE: https://www.openwall.com/lists/oss-security/2017/10/10/2
 	NOTE: https://justi.cz/security/2017/10/07/rubygems-org-rce.html
 	NOTE: Fixed by: https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49
 CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking v ...)
@@ -51135,7 +51135,7 @@ CVE-2017-0359 (diffoscope before 77 writes to arbitrary locations on disk based
 CVE-2017-0358 (Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write ...)
 	{DSA-3780-1 DLA-815-1}
 	- ntfs-3g 1:2016.2.22AR.1-4
-	NOTE: PoC http://www.openwall.com/lists/oss-security/2017/02/04/1
+	NOTE: PoC https://www.openwall.com/lists/oss-security/2017/02/04/1
 CVE-2017-0357 (A heap-overflow flaw exists in the -tr loader of iucode-tool starting  ...)
 	- iucode-tool 2.1.1-1
 	[jessie] - iucode-tool <not-affected> (Vulnerable code not present)
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index c2438df572..af456a8d5a 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -14318,7 +14318,7 @@ CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH through
 	[buster] - openssh <ignored> (Minor issue)
 	[stretch] - openssh <ignored> (Minor issue)
 	[jessie] - openssh <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/08/27/2
 CVE-2018-15911 (In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to suppl ...)
 	{DSA-4288-1 DLA-1504-1}
 	- ghostscript 9.22~dfsg-3 (bug #907332)
@@ -15788,7 +15788,7 @@ CVE-2018-15350 (Router Default Credentials in Kraftway 24F2XG Router firmware ve
 CVE-2018-15473 (OpenSSH through 7.7 is prone to a user enumeration vulnerability due t ...)
 	{DSA-4280-1 DLA-1474-1}
 	- openssh 1:7.7p1-4 (bug #906236)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/08/15/5
+	NOTE: https://www.openwall.com/lists/oss-security/2018/08/15/5
 	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=74287f5df9966a0648b4a68417451dd18f079ab8
 	NOTE: https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
 	NOTE: PoC at https://bugfuzz.com/stuff/ssh-check-username.py
@@ -16686,7 +16686,7 @@ CVE-2018-1000637 (zutils version prior to version 1.8-pre2 contains a Buffer Ove
 	{DLA-1505-1}
 	- zutils 1.7-3 (bug #902936; bug #904819)
 	[stretch] - zutils 1.5-5+deb9u1
-	NOTE: http://www.openwall.com/lists/oss-security/2018/08/05/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/08/05/1
 	NOTE: https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html
 	NOTE: Fixed by: upstream/0001-zcat-buffer-overrun.patch (in 1.7-3)
 CVE-2018-14938 (An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1. ...)
@@ -17391,22 +17391,22 @@ CVE-2018-14679 (An issue was discovered in mspack/chmd.c in libmspack before 0.7
 	{DSA-4260-1 DLA-1460-1}
 	- libmspack 0.7-1 (bug #904802)
 	NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/26/1
 CVE-2018-14680 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
 	{DSA-4260-1 DLA-1460-1}
 	- libmspack 0.7-1 (bug #904801)
 	NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/26/1
 CVE-2018-14682 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
 	{DSA-4260-1 DLA-1460-1}
 	- libmspack 0.7-1 (bug #904800)
 	NOTE: https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/26/1
 CVE-2018-14681 (An issue was discovered in kwajd_read_headers in mspack/kwajd.c in lib ...)
 	{DSA-4260-1 DLA-1460-1}
 	- libmspack 0.7-1 (bug #904799)
 	NOTE: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/26/1
 CVE-2018-14667 (The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression  ...)
 	NOT-FOR-US: RichFaces
 CVE-2018-14666 (An improper authorization flaw was found in the Smart Class feature of ...)
@@ -17648,7 +17648,7 @@ CVE-2018-14619 (A flaw was found in the crypto subsystem of the Linux kernel bef
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b32a7dc8aef1882fbf983eb354837488cc9d54dc
-	NOTE: http://www.openwall.com/lists/oss-security/2018/08/28/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/08/28/1
 CVE-2018-14618 (curl before version 7.61.1 is vulnerable to a buffer overrun in the NT ...)
 	{DSA-4286-1 DLA-1498-1}
 	- curl 7.62.0-1 (bug #908327)
@@ -18076,7 +18076,7 @@ CVE-2018-1999023 (The Battle for Wesnoth Project version 1.7.0 through 1.14.3 co
 	[stretch] - wesnoth-1.12 1:1.12.6-1+deb9u1
 	- wesnoth-1.10 <removed>
 	[jessie] - wesnoth-1.10 <end-of-life> (Games are not supported in Jessie)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/20/1
 	NOTE: https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318 (1.14.x)
 CVE-2018-14505 (mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to t ...)
 	- mitmproxy 3.0.4-1 (bug #904293)
@@ -18315,7 +18315,7 @@ CVE-2018-14432 (In the Federation component of OpenStack Keystone before 11.0.4,
 	{DSA-4275-1}
 	- keystone 2:13.0.0-7 (bug #904616)
 	[jessie] - keystone <end-of-life> (Not supported in Jessie)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/25/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/25/2
 	NOTE: https://bugs.launchpad.net/keystone/+bug/1779205
 CVE-2018-14431
 	RESERVED
@@ -18391,7 +18391,7 @@ CVE-2018-14403 (MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles sub
 	- mp4v2 <removed> (bug #904897)
 	[stretch] - mp4v2 <no-dsa> (Minor issue)
 	[jessie] - mp4v2 <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/3
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/18/3
 CVE-2018-14402 (axmldec 1.2.0 has an out-of-bounds write in the jitana::axml_parser::p ...)
 	NOT-FOR-US: axmldec
 CVE-2018-14401 (CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an out- ...)
@@ -18463,7 +18463,7 @@ CVE-2018-14379 (MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses
 	- mp4v2 <removed> (bug #904898)
 	[stretch] - mp4v2 <no-dsa> (Minor issue)
 	[jessie] - mp4v2 <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/17/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/17/1
 CVE-2018-14378
 	REJECTED
 CVE-2018-14377
@@ -18877,12 +18877,12 @@ CVE-2018-14326 (In MP4v2 2.0.0, there is an integer overflow (with resultant mem
 	- mp4v2 <removed> (bug #904900)
 	[stretch] - mp4v2 <no-dsa> (Minor issue)
 	[jessie] - mp4v2 <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/16/1
 CVE-2018-14325 (In MP4v2 2.0.0, there is an integer underflow (with resultant memory c ...)
 	- mp4v2 <removed> (bug #904901)
 	[stretch] - mp4v2 <no-dsa> (Minor issue)
 	[jessie] - mp4v2 <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/16/1
 CVE-2018-14240
 	RESERVED
 CVE-2018-14239
@@ -19264,12 +19264,12 @@ CVE-2018-14055 (ZNC before 1.7.1-rc1 does not properly validate untrusted lines
 	- znc 1.7.1-1 (bug #903787)
 	NOTE: https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
 	NOTE: https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/4
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/18/4
 CVE-2018-14056 (ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a we ...)
 	{DSA-4252-1 DLA-1427-1}
 	- znc 1.7.1-1 (bug #903788)
 	NOTE: https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/5
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/18/5
 CVE-2018-14053
 	RESERVED
 CVE-2018-14052 (An issue has been found in libwav through 2017-04-20. It is a SEGV in  ...)
@@ -19374,12 +19374,12 @@ CVE-2018-14054 (A double free exists in the MP4StringProperty class in mp4proper
 	- mp4v2 <removed> (bug #903859)
 	[stretch] - mp4v2 <no-dsa> (Minor issue)
 	[jessie] - mp4v2 <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/13/1
 CVE-2018-14036 (Directory Traversal with ../ sequences occurs in AccountsService befor ...)
 	- accountsservice 0.6.45-2 (low; bug #903828)
 	[stretch] - accountsservice <no-dsa> (Minor issue)
 	[jessie] - accountsservice <ignored> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/02/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/02/2
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=107085
 	NOTE: https://gitlab.freedesktop.org/accountsservice/accountsservice/commit/f9abd359f71a5bce421b9ae23432f539a067847a
 CVE-2018-14035 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
@@ -20781,7 +20781,7 @@ CVE-2018-13405 (The inode_init_owner function in fs/inode.c in the Linux kernel
 	{DSA-4266-1 DLA-1529-1 DLA-1466-1}
 	- linux 4.17.6-1
 	NOTE: https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/13/2
 CVE-2018-13404 (The VerifyPopServerConnection resource in Atlassian Jira before versio ...)
 	NOT-FOR-US: Atlassian
 CVE-2018-13403 (The two-dimensional filter statistics gadget in Atlassian Jira before  ...)
@@ -22946,7 +22946,7 @@ CVE-2018-12563 (An issue was discovered in Linaro LAVA before 2018.5.post1. Beca
 	NOTE: https://git.linaro.org/lava/lava.git/commit/?id=e24ec39599bc07562ad8bc2a581144b8448cb214
 CVE-2018-12562 (An issue was discovered in the cantata-mounter D-Bus service in Cantat ...)
 	- cantata 2.3.0.ds1-2 (bug #901798; unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/06/18/1
 	NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
 	NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
 	NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
@@ -22954,7 +22954,7 @@ CVE-2018-12562 (An issue was discovered in the cantata-mounter D-Bus service in
 	NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
 CVE-2018-12561 (An issue was discovered in the cantata-mounter D-Bus service in Cantat ...)
 	- cantata 2.3.0.ds1-2 (bug #901798; unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/06/18/1
 	NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
 	NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
 	NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
@@ -22962,14 +22962,14 @@ CVE-2018-12561 (An issue was discovered in the cantata-mounter D-Bus service in
 	NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
 CVE-2018-12560 (An issue was discovered in the cantata-mounter D-Bus service in Cantat ...)
 	- cantata 2.3.0.ds1-2 (bug #901798; unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/06/18/1
 	NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
 	NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
 	NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
 	NOTE: 2.3.0.ds1-2 disables the cantata-mounter.
 CVE-2018-12559 (An issue was discovered in the cantata-mounter D-Bus service in Cantat ...)
 	- cantata 2.3.0.ds1-2 (bug #901798; unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/06/18/1
 	NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
 	NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
 	NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
@@ -23649,7 +23649,7 @@ CVE-2018-12356 (An issue was discovered in password-store.sh in pass in Simple P
 	NOTE: Introduced in: https://git.zx2c4.com/password-store/commit/?id=ff62f87f41557ab7267defab662324927301485a
 	NOTE: Fixed by: https://git.zx2c4.com/password-store/commit/?id=8683403b77f59c56fcb1f05c61ab33b9fd61a30d
 	NOTE: https://neopg.io/blog/pass-signature-spoof/
-	NOTE: http://www.openwall.com/lists/oss-security/2018/06/14/3
+	NOTE: https://www.openwall.com/lists/oss-security/2018/06/14/3
 CVE-2018-12355 (Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or descriptio ...)
 	NOT-FOR-US: Knowage / SpagoBI
 CVE-2018-12354 (Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demons ...)
@@ -24542,12 +24542,12 @@ CVE-2018-12020 (mainproc.c in GnuPG before 2.2.8 mishandles the original filenam
 	NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
 	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=210e402acd3e284b32db1901e43bf1470e659e49 (STABLE-BRANCH-2-2)
 	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2326851c60793653069494379b16d84e4c10a0ac (STABLE-BRANCH-1-4)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/06/13/10
+	NOTE: https://www.openwall.com/lists/oss-security/2018/06/13/10
 	NOTE: https://neopg.io/blog/gpg-signature-spoof/
 CVE-2018-12019 (The signature verification routine in Enigmail before 2.0.7 interprets ...)
 	- enigmail 2:2.0.7-1
 	[jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/06/13/10
+	NOTE: https://www.openwall.com/lists/oss-security/2018/06/13/10
 	NOTE: https://neopg.io/blog/enigmail-signature-spoof/
 CVE-2018-12018 (The GetBlockHeadersMsg handler in the LES protocol implementation in G ...)
 	NOT-FOR-US: Go Ethereum
@@ -25181,12 +25181,12 @@ CVE-2018-11771 (When reading a specially crafted ZIP archive, the read method of
 	- libcommons-compress-java 1.18-1 (bug #906301)
 	[stretch] - libcommons-compress-java <no-dsa> (Minor issue)
 	[jessie] - libcommons-compress-java <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/08/16/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/08/16/2
 CVE-2018-11770 (From version 1.3.0 onward, Apache Spark's standalone master exposes a  ...)
 	- apache-spark <itp> (bug #802194)
 CVE-2018-11769 (CouchDB administrative users before 2.2.0 can configure the database s ...)
 	- couchdb <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2018/08/08/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/08/08/2
 CVE-2018-11768 (In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1 ...)
 	- hadoop <itp> (bug #793644)
 CVE-2018-11767 (In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS b ...)
@@ -25734,7 +25734,7 @@ CVE-2018-11574 (Improper input validation together with an integer overflow in t
 	[stretch] - ppp <not-affected> (Vulnerable code introduced later)
 	[jessie] - ppp <not-affected> (Vulnerable code introduced later)
 	[wheezy] - ppp <not-affected> (Vulnerable code introduced later)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/06/11/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/06/11/1
 	NOTE: https://www.nikhef.nl/~janjust/ppp/ppp-2.4.7-eaptls-mppe-1.101.patch
 CVE-2018-11573
 	RESERVED
@@ -27394,7 +27394,7 @@ CVE-2018-10938 (A flaw was found in the Linux kernel present since v4.0-rc1 and
 	- linux 4.13.4-1 (unimportant)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/40413955ee265a5e42f710940ec78f5450d49149 (4.13-rc5)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/08/27/1
 CVE-2018-10937 (A cross site scripting flaw exists in the tetonic-console component of ...)
 	NOT-FOR-US: OpenShift
 CVE-2018-10936 (A weakness was found in postgresql-jdbc before version 42.2.5. It was  ...)
@@ -27432,7 +27432,7 @@ CVE-2018-10932 (lldptool version 1.0.1 and older can print a raw, unsanitized at
 	NOTE: Terminal emulators need to perform proper escaping
 CVE-2018-10931 (It was found that cobbler 2.6.x exposed all functions from its Cobbler ...)
 	- cobbler <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/9
+	NOTE: https://www.openwall.com/lists/oss-security/2018/08/09/9
 CVE-2018-10930 (A flaw was found in RPC request using gfs3_rename_req in glusterfs ser ...)
 	{DLA-1510-1}
 	- glusterfs 4.1.4-1 (bug #909215)
@@ -27498,7 +27498,7 @@ CVE-2018-10921 (Certain input files may trigger an integer overflow in ttembed i
 CVE-2018-10920 (Improper input validation bug in DNS resolver component of Knot Resolv ...)
 	- knot-resolver 2.4.1-1 (bug #905325)
 	NOTE: https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html
-	NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/2 (including patch)
+	NOTE: https://www.openwall.com/lists/oss-security/2018/08/09/2 (including patch)
 CVE-2018-10919 (The Samba Active Directory LDAP server was vulnerable to an informatio ...)
 	{DSA-4271-1 DLA-1539-1}
 	- samba 2:4.8.4+dfsg-1
@@ -27596,7 +27596,7 @@ CVE-2018-10901 (A flaw was found in Linux kernel's KVM virtualization subsystem.
 CVE-2018-10900 (Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1 ...)
 	{DSA-4253-1 DLA-1454-1}
 	- network-manager-vpnc 1.2.6-1 (bug #904255)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/3
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/20/3
 	NOTE: https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4e361a27ef48ac757d36cbb46e8e12
 CVE-2018-10899 (A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affecte ...)
 	NOT-FOR-US: Jolokia
@@ -27614,7 +27614,7 @@ CVE-2018-10896 (The default cloud-init configuration, in cloud-init 0.6.2 and ne
 	NOT-FOR-US: Red Hat-specific packaging flaw of cloud-init default config
 CVE-2018-10895 (qutebrowser before version 1.4.1 is vulnerable to a cross-site request ...)
 	- qutebrowser 1.4.1-1
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/11/7
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/11/7
 	NOTE: https://github.com/qutebrowser/qutebrowser/issues/4060
 	NOTE: Introduced in: https://github.com/qutebrowser/qutebrowser/commit/ffc29ee (v1.0.0)
 	NOTE: Fixed in: https://github.com/qutebrowser/qutebrowser/commit/43e58ac865ff862c2008c510fc5f7627e10b4660 (v1.4.1)
@@ -27779,7 +27779,7 @@ CVE-2018-10859 (git-annex is vulnerable to an Information Exposure when decrypti
 	{DLA-1495-1}
 	- git-annex 6.20180626-1
 	[stretch] - git-annex 6.20170101-1+deb9u2
-	NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
+	NOTE: https://www.openwall.com/lists/oss-security/2018/06/26/4
 	NOTE: https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
 CVE-2018-10858 (A heap-buffer overflow was found in the way samba clients processed ex ...)
 	{DSA-4271-1 DLA-1539-1}
@@ -27789,7 +27789,7 @@ CVE-2018-10857 (git-annex is vulnerable to a private data exposure and exfiltrat
 	{DLA-1495-1}
 	- git-annex 6.20180626-1
 	[stretch] - git-annex 6.20170101-1+deb9u2
-	NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
+	NOTE: https://www.openwall.com/lists/oss-security/2018/06/26/4
 	NOTE: https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
 CVE-2018-10856 (It has been discovered that podman before version 0.6.1 does not drop  ...)
 	- libpod <not-affected> (Fixed before initial upload)
@@ -29063,14 +29063,14 @@ CVE-2018-1000178 (A heap corruption of type CWE-120 exists in quassel version 0.
 	- quassel 1:0.12.5-1 (bug #896914)
 	NOTE: https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f (master)
 	NOTE: https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b (0.12)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/04/27/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/04/27/1
 CVE-2018-1000179 (A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 ...)
 	{DSA-4189-1}
 	- quassel 1:0.12.5-1 (bug #896915)
 	[wheezy] - quassel <no-dsa> (Minor issue)
 	NOTE: https://github.com/quassel/quassel/commit/e17fca767d60c06ca02bc5898ced04f06d3670bd (master)
 	NOTE: https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e (0.12)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/04/27/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/04/27/1
 CVE-2018-10370
 	RESERVED
 CVE-2018-10369 (A Cross-site scripting (XSS) vulnerability was discovered on Intelbras ...)
@@ -29155,7 +29155,7 @@ CVE-2018-10330
 CVE-2018-10361 (An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure ...)
 	- ktexteditor 5.47.0-1 (bug #896836)
 	[stretch] - ktexteditor <not-affected> (Introduced in 5.34.0)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/04/24/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/04/24/1
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1033055
 	NOTE: https://phabricator.kde.org/R39:c81af5aa1d4f6e0f8c44b2e85ca007ba2a1e4590
 CVE-2018-10329 (app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on / ...)
@@ -29906,7 +29906,7 @@ CVE-2018-10058 (The remote management interface of cgminer 4.10.0 and bfgminer 5
 	[jessie] - cgminer <no-dsa> (Minor issue)
 	- bfgminer <removed> (bug #900930)
 	[jessie] - bfgminer <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/06/03/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/06/03/1
 	NOTE: Mitigated by toolchain hardening to plain crash
 CVE-2018-10057 (The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 a ...)
 	- cgminer <unfixed> (bug #900929)
@@ -29914,7 +29914,7 @@ CVE-2018-10057 (The remote management interface of cgminer 4.10.0 and bfgminer 5
 	[jessie] - cgminer <no-dsa> (Minor issue)
 	- bfgminer <removed> (bug #900930)
 	[jessie] - bfgminer <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/06/03/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/06/03/1
 CVE-2018-10056
 	RESERVED
 CVE-2018-10055 (Invalid memory access and/or a heap buffer overflow in the TensorFlow  ...)
@@ -30358,7 +30358,7 @@ CVE-2018-1000168 (nghttp2 version &gt;= 1.10.0 and nghttp2 &lt;= v1.31.0 contain
 	[jessie] - nghttp2 <not-affected> (Issue introduced in 1.10.0)
 	NOTE: Affected versions: nghttp2 >= 1.10.0 and nghttp2 <= v1.31.0
 	NOTE: Fixed by: https://github.com/nghttp2/nghttp2/commit/b1bd6035e884b3d83748914a3b5f2a8e52a78a2f
-	NOTE: http://www.openwall.com/lists/oss-security/2018/04/12/4
+	NOTE: https://www.openwall.com/lists/oss-security/2018/04/12/4
 CVE-2018-9858
 	RESERVED
 CVE-2018-9857 (PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field ...)
@@ -31721,7 +31721,7 @@ CVE-2018-9275 (In check_user_token in util.c in the Yubico PAM module (aka pam_y
 	NOTE: https://github.com/Yubico/yubico-pam/issues/136
 CVE-2018-1002150 (Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access con ...)
 	- koji <not-affected> (Issue introduced in 1.12.0, cf. #894832)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/04/04/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/04/04/1
 	NOTE: https://docs.pagure.org/koji/CVE-2018-1002150/
 	NOTE: https://pagure.io/koji/issue/850
 	NOTE: Fixed by: https://pagure.io/koji/c/ab1ade7
@@ -32708,7 +32708,7 @@ CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and I
 	NOTE: Fixed by: https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7)
 	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
 	NOTE: https://xenbits.xen.org/xsa/advisory-260.html
-	NOTE: http://www.openwall.com/lists/oss-security/2018/05/08/4
+	NOTE: https://www.openwall.com/lists/oss-security/2018/05/08/4
 CVE-2018-8896 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows ...)
 	NOT-FOR-US: 2345 Security Guard
 CVE-2018-8895 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows ...)
@@ -33191,7 +33191,7 @@ CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook f
 	[wheezy] - ipython <ignored> (Too invasive to fix)
 	NOTE: After the reupload of ipython to Debian as 4.1.2-1 via experimental
 	NOTE: src:ipython does not provide anymore the Notebook
-	NOTE: http://www.openwall.com/lists/oss-security/2018/03/15/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/03/15/2
 	NOTE: Fixed by: https://github.com/jupyter/notebook/commit/4e79ebb49acac722b37b03f1fe811e67590d3831
 	NOTE: Ipython in Wheezy lacks sanitization of untrusted HTML completely
 	NOTE: which means in theory this CVE does not apply. However due to the absence of
@@ -33202,7 +33202,7 @@ CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook f
 CVE-2018-8741 (A directory traversal flaw in SquirrelMail 1.4.22 allows an authentica ...)
 	{DSA-4168-1 DLA-1344-1}
 	- squirrelmail <removed> (bug #893202)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/03/17/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/03/17/2
 	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2846/
 	NOTE: https://sourceforge.net/p/squirrelmail/code/14751/
 CVE-2018-8740 (In SQLite through 3.22.0, databases whose schema is corrupted using a  ...)
@@ -34709,7 +34709,7 @@ CVE-2018-8041 (Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1
 CVE-2018-8040 (Pages that are rendered using the ESI plugin can have access to the co ...)
 	{DSA-4282-1}
 	- trafficserver 7.1.4+ds-1
-	NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/08/29/2
 	NOTE: https://github.com/apache/trafficserver/pull/3926
 	NOTE: https://github.com/apache/trafficserver/commit/cea07c03274807c1588dbdf03baa1537d958c92f
 CVE-2018-8039 (It is possible to configure Apache CXF to use the com.sun.net.ssl impl ...)
@@ -34729,7 +34729,7 @@ CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefu
 	- libpdfbox2-java 2.0.11-1 (low)
 	[stretch] - libpdfbox-java <no-dsa> (Minor issue)
 	[jessie] - libpdfbox-java <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/06/29/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/06/29/2
 CVE-2018-8035 (This vulnerability relates to the user's browser processing of DUCC we ...)
 	NOT-FOR-US: UIMA DUCC (subproject of Apache UIMA)
 	NOTE: https://uima.apache.org/security_report#CVE-2018-8035
@@ -34776,7 +34776,7 @@ CVE-2018-8023 (Apache Mesos can be configured to require authentication to call
 	- apache-mesos <itp> (bug #760315)
 CVE-2018-8022 (A carefully crafted invalid TLS handshake can cause Apache Traffic Ser ...)
 	- trafficserver 7.0.0-1
-	NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/08/29/1
 	NOTE: Only affects 6.x, marking 7.0 as the fixed version
 	NOTE: https://github.com/apache/trafficserver/pull/2147
 CVE-2018-8021 (Versions of Superset prior to 0.23 used an unsafe load method from the ...)
@@ -34827,14 +34827,14 @@ CVE-2018-8012 (No authentication/authorization is enforced when a server attempt
 	- zookeeper 3.4.10-2 (bug #899332)
 	[wheezy] - zookeeper <ignored> (changes are too intrusive to backport)
 	NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
-	NOTE: http://www.openwall.com/lists/oss-security/2018/05/21/6
+	NOTE: https://www.openwall.com/lists/oss-security/2018/05/21/6
 	NOTE: https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication
 	NOTE: https://issues.apache.org/jira/secure/attachment/12840904/ZOOKEEPER-1045-br-3-4.patch
 CVE-2018-8011 (By specially crafting HTTP requests, the mod_md challenge handler woul ...)
 	- apache2 2.4.34-1 (bug #904107)
 	[stretch] - apache2 <not-affected> (Vulnerable code not present; mod_md module)
 	[jessie] - apache2 <not-affected> (Vulnerable code not present; mod_md module)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/18/2
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011
 CVE-2018-8010 (This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relat ...)
 	- lucene-solr <not-affected> (Do not allow to upload configsets via the API)
@@ -34858,14 +34858,14 @@ CVE-2018-8006 (An instance of a cross-site scripting vulnerability was identifie
 CVE-2018-8005 (When there are multiple ranges in a range request, Apache Traffic Serv ...)
 	{DSA-4282-1}
 	- trafficserver 7.1.4+ds-1
-	NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/4
+	NOTE: https://www.openwall.com/lists/oss-security/2018/08/29/4
 	NOTE: https://github.com/apache/trafficserver/pull/3106
 	NOTE: https://github.com/apache/trafficserver/pull/3124
 	NOTE: https://github.com/apache/trafficserver/commit/bbcbb7cf7f25ebfe3a97d792e889de618e41a6a4
 CVE-2018-8004 (There are multiple HTTP smuggling and cache poisoning issues when clie ...)
 	{DSA-4282-1}
 	- trafficserver 7.1.4+ds-1
-	NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/5
+	NOTE: https://www.openwall.com/lists/oss-security/2018/08/29/5
 	NOTE: https://github.com/apache/trafficserver/pull/3192
 	NOTE: https://github.com/apache/trafficserver/pull/3201
 	NOTE: https://github.com/apache/trafficserver/pull/3231
@@ -36952,7 +36952,7 @@ CVE-2018-1000085 (ClamAV version version 0.99.3 contains a Out of bounds heap me
 	- clamav 0.99.3~beta1+dfsg-1
 	[stretch] - clamav 0.99.4+dfsg-1+deb9u1
 	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6
-	NOTE: http://www.openwall.com/lists/oss-security/2017/09/29/4
+	NOTE: https://www.openwall.com/lists/oss-security/2017/09/29/4
 CVE-2018-1000084 (WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site S ...)
 	NOT-FOR-US: WolfCMS
 CVE-2018-1000083 (Ajenti version version 2 contains a Improper Error Handling vulnerabil ...)
@@ -38363,7 +38363,7 @@ CVE-2018-6790 (An issue was discovered in KDE Plasma Workspace before 5.12.0. da
 CVE-2018-6789 (An issue was discovered in the base64d function in the SMTP listener i ...)
 	{DSA-4110-1 DLA-1274-1}
 	- exim4 4.90.1-1 (bug #890000)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/02/07/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/02/07/2
 	NOTE: https://exim.org/static/doc/security/CVE-2018-6789.txt
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=2235
 	NOTE: https://git.exim.org/exim.git/commit/062990cc1b2f9e5d82a413b53c8f0569075de700
@@ -39024,11 +39024,11 @@ CVE-2018-6556 (lxc-user-nic when asked to delete a network interface will uncond
 CVE-2018-6555 (The irda_setsockopt function in net/irda/af_irda.c and later in driver ...)
 	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
 	- linux 4.17.3-1
-	NOTE: http://www.openwall.com/lists/oss-security/2018/09/04/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/09/04/2
 CVE-2018-6554 (Memory leak in the irda_bind function in net/irda/af_irda.c and later  ...)
 	{DSA-4308-1 DLA-1715-1 DLA-1531-1 DLA-1529-1}
 	- linux 4.17.3-1
-	NOTE: http://www.openwall.com/lists/oss-security/2018/09/04/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/09/04/2
 CVE-2018-6553 (The CUPS AppArmor profile incorrectly confined the dnssd backend due t ...)
 	{DSA-4243-1 DLA-1426-1}
 	- cups 2.2.8-5 (bug #903605)
@@ -39110,13 +39110,13 @@ CVE-2018-6535 (An issue was discovered in Icinga 2.x through 2.8.1. The lack of
 	[jessie] - icinga2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Icinga/icinga2/issues/4920
 	NOTE: https://github.com/Icinga/icinga2/pull/5715
-	NOTE: http://www.openwall.com/lists/oss-security/2018/03/22/3
+	NOTE: https://www.openwall.com/lists/oss-security/2018/03/22/3
 CVE-2018-6534 (An issue was discovered in Icinga 2.x through 2.8.1. By sending specia ...)
 	- icinga2 2.8.4-1 (low; bug #897301)
 	[stretch] - icinga2 <no-dsa> (Minor issue)
 	[jessie] - icinga2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Icinga/icinga2/pull/6104
-	NOTE: http://www.openwall.com/lists/oss-security/2018/03/22/3
+	NOTE: https://www.openwall.com/lists/oss-security/2018/03/22/3
 CVE-2018-6533 (An issue was discovered in Icinga 2.x through 2.8.1. By editing the in ...)
 	- icinga2 2.8.4-1 (low; bug #897301)
 	[stretch] - icinga2 <no-dsa> (Minor issue)
@@ -39130,7 +39130,7 @@ CVE-2018-6532 (An issue was discovered in Icinga 2.x through 2.8.1. By sending s
 	[stretch] - icinga2 <no-dsa> (Minor issue)
 	[jessie] - icinga2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Icinga/icinga2/pull/6103
-	NOTE: http://www.openwall.com/lists/oss-security/2018/03/22/3
+	NOTE: https://www.openwall.com/lists/oss-security/2018/03/22/3
 CVE-2018-6531
 	RESERVED
 CVE-2018-6530 (OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin ...)
@@ -42476,7 +42476,7 @@ CVE-2018-5375 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_spac
 CVE-2018-5702 (Transmission through 2.92 relies on X-Transmission-Session-Id (which i ...)
 	{DSA-4087-1 DLA-1246-1}
 	- transmission 2.92-3 (bug #886990)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/01/12/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/01/12/1
 	NOTE: https://github.com/transmission/transmission/pull/468
 	NOTE: Proposed patch: https://patch-diff.githubusercontent.com/raw/transmission/transmission/pull/468.diff
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
@@ -42563,7 +42563,7 @@ CVE-2018-1000001 (In glibc 2.26 and earlier there is confusion in the usage of g
 	[jessie] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release)
 	- eglibc <removed>
 	[wheezy] - eglibc <postponed> (Minor issue, can be fixed along in next DSA)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/01/11/5
+	NOTE: https://www.openwall.com/lists/oss-security/2018/01/11/5
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22679
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94
 CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can be e ...)
@@ -42726,7 +42726,7 @@ CVE-2018-1000022 (Electrum Technologies GmbH Electrum Bitcoin Wallet version pri
 	- electrum 3.0.5-1 (bug #886683)
 	[jessie] - electrum <not-affected> (Only affects >= 2.6)
 	NOTE: https://github.com/spesmilo/electrum/issues/3374
-	NOTE: http://www.openwall.com/lists/oss-security/2018/01/10/4
+	NOTE: https://www.openwall.com/lists/oss-security/2018/01/10/4
 CVE-2018-5300
 	RESERVED
 CVE-2018-5299 (A stack-based Buffer Overflow Vulnerability exists in the web server i ...)
@@ -46394,7 +46394,7 @@ CVE-2018-3761 (Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper au
 CVE-2018-3760 (There is an information leak vulnerability in Sprockets. Versions Affe ...)
 	{DSA-4242-1 DLA-1419-1}
 	- ruby-sprockets 3.7.0-1.1 (bug #901913)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/06/19/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/06/19/2
 	NOTE: https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5f (master)
 	NOTE: https://github.com/rails/sprockets/commit/9c34fa05900b968d74f08ccf40917848a7be9441 (3.x)
 	NOTE: https://github.com/rails/sprockets/commit/18b8a7f07a50c245e9aee7854ecdbe606bbd8bb5 (2.x)
@@ -48828,7 +48828,7 @@ CVE-2018-2767 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
 	- mysql-5.7 5.7.23-1 (bug #904121)
 	- mysql-5.5 <removed>
 	[wheezy] - mysql-5.5 <postponed> (Wait for next upstream security/bugfix release)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/04/08/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/04/08/2
 	NOTE: Result from an incomplete fix for CVE-2015-3152 and related CVE for
 	NOTE: Oracle products.
 	NOTE: For MariaDB: if one connects to the remote server using the embedded library
@@ -51910,11 +51910,11 @@ CVE-2018-1340 (Prior to 1.0.0, Apache Guacamole used a cookie for client-side st
 CVE-2018-1339 (A carefully crafted (or fuzzed) file can trigger an infinite loop in A ...)
 	- tika 1.18-1 (low; bug #900000)
 	[jessie] - tika <ignored> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/7
+	NOTE: https://www.openwall.com/lists/oss-security/2018/04/25/7
 CVE-2018-1338 (A carefully crafted (or fuzzed) file can trigger an infinite loop in A ...)
 	- tika 1.18-1
 	[jessie] - tika <not-affected> (BGP parser introduced in 1.7)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/6
+	NOTE: https://www.openwall.com/lists/oss-security/2018/04/25/6
 CVE-2018-1337 (In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Fi ...)
 	NOT-FOR-US: Apache LDAP API
 CVE-2018-1336 (An improper handing of overflow in the UTF-8 decoder with supplementar ...)
@@ -51933,7 +51933,7 @@ CVE-2018-1336 (An improper handing of overflow in the UTF-8 decoder with supplem
 CVE-2018-1335 (From Apache Tika versions 1.7 to 1.17, clients could send carefully cr ...)
 	- tika 1.18-1
 	[jessie] - tika <not-affected> (Server functionality not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/8
+	NOTE: https://www.openwall.com/lists/oss-security/2018/04/25/8
 CVE-2018-1334 (In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using  ...)
 	- apache-spark <itp> (bug #802194)
 CVE-2018-1333 (By specially crafting HTTP/2 requests, workers would be allocated 60 s ...)
@@ -51942,7 +51942,7 @@ CVE-2018-1333 (By specially crafting HTTP/2 requests, workers would be allocated
 	[jessie] - apache2 <not-affected> (Vulnerable code not present)
 	NOTE: Affects 2.4.18-2.4.33
 	NOTE: HTTP/2 support introduced in 2.4.17
-	NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/07/18/1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333
 CVE-2018-1332 (Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version ...)
 	NOT-FOR-US: Apache Storm
@@ -51987,7 +51987,7 @@ CVE-2018-1319 (In Apache Allura prior to 1.8.1, attackers may craft URLs that ca
 CVE-2018-1318 (Adding method ACLs in remap.config can cause a segfault when the user  ...)
 	{DSA-4282-1}
 	- trafficserver 7.1.4+ds-1
-	NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/3
+	NOTE: https://www.openwall.com/lists/oss-security/2018/08/29/3
 	NOTE: https://github.com/apache/trafficserver/pull/3195
 	NOTE: https://github.com/apache/trafficserver/commit/e6dfda305acf85250861ecfa14a7bd6bb2fad5c3
 CVE-2018-1317 (In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by de ...)
@@ -52002,11 +52002,11 @@ CVE-2018-1313 (In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted networ
 	- derby 10.14.2.0-1
 	[jessie] - derby <no-dsa> (Minor issue)
 	[stretch] - derby <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/05/05/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/05/05/1
 CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authen ...)
 	{DSA-4164-1 DLA-1389-1}
 	- apache2 2.4.33-1
-	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/7
+	NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/7
 CVE-2018-1311 (The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-fre ...)
 	- xerces-c <unfixed> (bug #947431)
 	[buster] - xerces-c <postponed> (Minor issue, revisit when fixed upstream)
@@ -52023,7 +52023,7 @@ CVE-2018-1309 (Apache NiFi External XML Entity issue in SplitXML processor. Mali
 CVE-2018-1308 (This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 rela ...)
 	{DSA-4194-1 DLA-1360-1}
 	- lucene-solr 3.6.2+dfsg-12 (bug #896604)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/04/08/3
+	NOTE: https://www.openwall.com/lists/oss-security/2018/04/08/3
 	NOTE: https://issues.apache.org/jira/browse/SOLR-11971
 	NOTE: master: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/02c693f3
 	NOTE: branch_7x: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/739a7933
@@ -52062,18 +52062,18 @@ CVE-2018-1303 (A specially crafted HTTP request header could have crashed the Ap
 	{DSA-4164-1}
 	- apache2 2.4.33-1
 	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/3
+	NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/3
 CVE-2018-1302 (When an HTTP/2 stream was destroyed after being handled, the Apache HT ...)
 	- apache2 2.4.33-1
 	[stretch] - apache2 2.4.25-3+deb9u5
 	[jessie] - apache2 <not-affected> (Vulnerable code not present)
 	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
 	NOTE: HTTP/2 support introduced in 2.4.17
-	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/5
+	NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/5
 CVE-2018-1301 (A specially crafted request could have crashed the Apache HTTP Server  ...)
 	{DSA-4164-1 DLA-1389-1}
 	- apache2 2.4.33-1
-	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/2
 CVE-2018-1300
 	REJECTED
 CVE-2018-1299 (In Apache Allura before 1.8.0, unauthenticated attackers may retrieve  ...)
@@ -52090,7 +52090,7 @@ CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x a
 	[stretch] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
 	[jessie] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
 	[wheezy] - jakarta-jmeter <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/02/11/1
 	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
 CVE-2018-1296 (In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5 ...)
 	- hadoop <itp> (bug #793644)
@@ -52118,7 +52118,7 @@ CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (R
 	[stretch] - jakarta-jmeter <no-dsa> (Minor issue)
 	[jessie] - jakarta-jmeter <no-dsa> (Minor issue)
 	[wheezy] - jakarta-jmeter <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/02/11/2
 	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
 CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged us ...)
 	NOT-FOR-US: Apache OpenMeetings
@@ -52135,7 +52135,7 @@ CVE-2018-1283 (In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured t
 	{DSA-4164-1}
 	- apache2 2.4.33-1
 	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/4
+	NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/4
 CVE-2018-1282 (This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows ca ...)
 	NOT-FOR-US: Apache Hive
 CVE-2018-1281 (The clustered setup of Apache MXNet allows users to specify which IP a ...)
@@ -52511,48 +52511,48 @@ CVE-2018-1127 (Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immed
 CVE-2018-1126 (procps-ng before version 3.3.15 is vulnerable to an incorrect integer  ...)
 	{DSA-4208-1 DLA-1390-1}
 	- procps 2:3.3.15-1 (bug #899170)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
 	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
 	NOTE: Patch: 0035-proc-alloc.-Use-size_t-not-unsigned-int.patch
 	NOTE: https://gitlab.com/procps-ng/procps/commit/f1077b7a558a5545837aae068422e58f1f9b1d33
 CVE-2018-1125 (procps-ng before version 3.3.15 is vulnerable to a stack buffer overfl ...)
 	{DSA-4208-1 DLA-1390-1}
 	- procps 2:3.3.15-1 (bug #899170)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
 	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
 	NOTE: Patch: 0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch
 	NOTE: https://gitlab.com/procps-ng/procps/commit/b51ca2a1f8ca779f7632ade6a0a259ed882fa584
 CVE-2018-1124 (procps-ng before version 3.3.15 is vulnerable to multiple integer over ...)
 	{DSA-4208-1 DLA-1390-1}
 	- procps 2:3.3.15-1 (bug #899170)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
 	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
 	NOTE: Patch: 0074-proc-readproc.c-Fix-bugs-and-overflows-in-file2strve.patch
 	NOTE: https://gitlab.com/procps-ng/procps/commit/36c350f07c75aabf747fb833f52a234ae5781b20
 CVE-2018-1123 (procps-ng before version 3.3.15 is vulnerable to a denial of service i ...)
 	{DSA-4208-1 DLA-1390-1}
 	- procps 2:3.3.15-1 (bug #899170)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
 	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
 	NOTE: Patch: 0054-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch
 	NOTE: https://gitlab.com/procps-ng/procps/commit/136e3724952827bbae8887a42d9d2b6f658a48ab
 CVE-2018-1122 (procps-ng before version 3.3.15 is vulnerable to a local privilege esc ...)
 	{DSA-4208-1 DLA-1390-1}
 	- procps 2:3.3.15-1 (bug #899170)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
 	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
 	NOTE: Patch: 0097-top-Do-not-default-to-the-cwd-in-configs_read.patch
 	NOTE: https://gitlab.com/procps-ng/procps/commit/b45c4803dd176f4e3f9d3d47421ddec9bbbe66cd
 CVE-2018-1121 (procps-ng, procps is vulnerable to a process hiding through race condi ...)
 	- linux <unfixed> (unimportant)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
 	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
 CVE-2018-1120 (A flaw was found affecting the Linux kernel before version 4.17. By mm ...)
 	{DLA-1423-1}
 	- linux 4.16.12-1
 	[stretch] - linux 4.9.107-1
 	[jessie] - linux <ignored> (Too risky to backport)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+	NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
 	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
 	NOTE: Fixed by: https://git.kernel.org/linus/7f7ccc2ccc2e70c6054685f5e3522efa81556830
 CVE-2018-1119
@@ -52600,7 +52600,7 @@ CVE-2018-1111 (DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and
 CVE-2018-1110 [Improper Input Validation]
 	RESERVED
 	- knot-resolver 2.3.0-1 (bug #896681)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/04/23/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/04/23/2
 CVE-2018-1109
 	RESERVED
 	- node-braces <not-affected> (Vulnerable code introduced in 2.2.0)
@@ -52623,7 +52623,7 @@ CVE-2018-1106 (An authentication bypass flaw has been found in PackageKit before
 	- packagekit 1.1.10-1 (bug #896703)
 	[jessie] - packagekit <not-affected> (Issue introduced later)
 	[wheezy] - packagekit <not-affected> (Issue introduced later)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/04/23/3
+	NOTE: https://www.openwall.com/lists/oss-security/2018/04/23/3
 	NOTE: Fixed by: https://github.com/hughsie/PackageKit/commit/7e8a7905ea9abbd1f384f05f36a4458682cd4697 (PACKAGEKIT_1_1_10)
 	NOTE: Introduced by: https://github.com/hughsie/PackageKit/commit/f176976e24e8c17b80eff222572275517c16bdad
 	NOTE: Resulting affected (upstream) versions: >= 1.0.10 up until current 1.1.9
@@ -52695,7 +52695,7 @@ CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not pr
 	{DLA-1428-1}
 	- 389-ds-base 1.3.8.2-1 (bug #898138)
 	[stretch] - 389-ds-base <no-dsa> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/05/07/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/05/07/2
 CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot schedule ...)
 	- glusterfs 4.0.2-1 (bug #896128)
 	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
@@ -52713,11 +52713,11 @@ CVE-2018-1087 (kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4
 	- linux 4.15.17-1
 	[wheezy] - linux <not-affected> (Issue introduced in 3.16)
 	NOTE: Fixed by: https://git.kernel.org/linus/32d43cd391bacb5f0814c2624399a5dad3501d09 (4.16-rc7)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/05/08/5
+	NOTE: https://www.openwall.com/lists/oss-security/2018/05/08/5
 CVE-2018-1086 (pcs before versions 0.9.164 and 0.10 is vulnerable to a debug paramete ...)
 	{DSA-4169-1}
 	- pcs 0.9.164-1 (bug #895313)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/04/09/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/04/09/2
 CVE-2018-1085 (openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigur ...)
 	NOT-FOR-US: openshift-ansible
 CVE-2018-1084 (corosync before version 2.4.4 is vulnerable to an integer overflow in  ...)
@@ -52725,7 +52725,7 @@ CVE-2018-1084 (corosync before version 2.4.4 is vulnerable to an integer overflo
 	- corosync 2.4.4-1 (bug #895653)
 	[jessie] - corosync <not-affected> (Vulnerable code introduced later)
 	[wheezy] - corosync <not-affected> (Vulnerable code introduced later)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/04/12/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/04/12/2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552830
 	NOTE: Fixed by: https://github.com/corosync/corosync/commit/fc1d5418533c1faf21616b282c2559bed7d361c4
 	NOTE: https://oss.clusterlabs.org/pipermail/users/2018-April/014856.html
@@ -52748,7 +52748,7 @@ CVE-2018-1080 (Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAu
 CVE-2018-1079 (pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escal ...)
 	- pcs 0.9.164-1 (bug #895314)
 	[stretch] - pcs <not-affected> (Vulnerable code introduced in 0.9.157)
-	NOTE: http://www.openwall.com/lists/oss-security/2018/04/09/2
+	NOTE: https://www.openwall.com/lists/oss-security/2018/04/09/2
 CVE-2018-1078 (OpenDayLight version Carbon SR3 and earlier contain a vulnerability du ...)
 	NOT-FOR-US: OpenDayLight
 CVE-2018-1077 (Spacewalk 2.6 contains an API which has an XXE flaw allowing for the d ...)
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 8069b48452..50fd71b19d 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -563,19 +563,19 @@ CVE-2020-24332 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd
 	[stretch] - trousers <ignored> (tss service gets started as non-root user via init script)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
 	NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
-	NOTE: http://www.openwall.com/lists/oss-security/2020/08/14/1
+	NOTE: https://www.openwall.com/lists/oss-security/2020/08/14/1
 CVE-2020-24331 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...)
 	- trousers <unfixed>
 	[stretch] - trousers <ignored> (tss service gets started as non-root user via init script)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
 	NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
-	NOTE: http://www.openwall.com/lists/oss-security/2020/08/14/1
+	NOTE: https://www.openwall.com/lists/oss-security/2020/08/14/1
 CVE-2020-24330 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...)
 	- trousers <unfixed>
 	[stretch] - trousers <ignored> (tss service gets started as non-root user via init script)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
 	NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
-	NOTE: http://www.openwall.com/lists/oss-security/2020/08/14/1
+	NOTE: https://www.openwall.com/lists/oss-security/2020/08/14/1
 CVE-2020-24329
 	RESERVED
 CVE-2020-24328
@@ -30634,7 +30634,7 @@ CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified b
 	[buster] - u-boot <no-dsa> (Minor issue)
 	[stretch] - u-boot <no-dsa> (Minor issue)
 	[jessie] - u-boot <ignored> (Minor issue)
-	NOTE: http://www.openwall.com/lists/oss-security/2020/03/18/5
+	NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/5
 	NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
 	NOTE: https://lists.denx.de/pipermail/u-boot/2020-March/403409.html
 CVE-2020-10647
author	Salvatore Bonaccorso <carnil@debian.org>	2020-08-24 16:17:56 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-08-24 16:17:56 +0200
commit	cfa07fd63fbd44ca02a75eea22c4af64fc91ea00 (patch)
tree	9fe58f41585cba5f744d66cb7bb5f75612504923
parent	b68fc0233f80c307d2cadab9ac883641eb8095b2 (diff)