[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2018-1084{4,5}/gnutls28 as no-dsa for stretch

Sat, 06 Oct 2018 06:07:12 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a7494819 by Salvatore Bonaccorso at 2018-10-06T13:05:09Z
Mark CVE-2018-1084{4,5}/gnutls28 as no-dsa for stretch

- - - - -
abb6a39e by Salvatore Bonaccorso at 2018-10-06T13:06:20Z
Record proposed fixes for gnutls28 via stretch-pu

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18054,6 +18054,7 @@ CVE-2018-10846 (A cache-based side channel in GnuTLS 
implementation that leads t
        NOTE: https://eprint.iacr.org/2018/747
 CVE-2018-10845 (It was found that the GnuTLS implementation of HMAC-SHA-384 
was ...)
        - gnutls28 3.5.19-1
+       [stretch] - gnutls28 <no-dsa> (Will be fixed via pu)
        - gnutls26 <removed>
        NOTE: https://gitlab.com/gnutls/gnutls/issues/455
        NOTE: 
https://gitlab.com/gnutls/gnutls/commit/cc14ec5ece856cb083d64e6a5a8657323da661cb
 (master)
@@ -18062,6 +18063,7 @@ CVE-2018-10845 (It was found that the GnuTLS 
implementation of HMAC-SHA-384 was
        NOTE: https://eprint.iacr.org/2018/747
 CVE-2018-10844 (It was found that the GnuTLS implementation of HMAC-SHA-256 
was ...)
        - gnutls28 3.5.19-1
+       [stretch] - gnutls28 <no-dsa> (Will be fixed via pu)
        - gnutls26 <removed>
        NOTE: https://gitlab.com/gnutls/gnutls/issues/456
        NOTE: 
https://gitlab.com/gnutls/gnutls/commit/29ffa2a1fa4cc396c5d1563a3e5cdca0174de28b
 (master)


=====================================
data/next-point-update.txt
=====================================
@@ -88,3 +88,7 @@ CVE-2018-5711
        [stretch] - libgd2 2.2.4-2+deb9u3
 CVE-2018-1000222
        [stretch] - libgd2 2.2.4-2+deb9u3
+CVE-2018-10844
+       [stretch] - gnutls28 3.5.8-5+deb9u4)
+CVE-2018-10845
+       [stretch] - gnutls28 3.5.8-5+deb9u4)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/432e9cb2e21cb3425e36f3f46978c80d6a70eedc...abb6a39e8372fa1a5078692244557946dc5f8197

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/432e9cb2e21cb3425e36f3f46978c80d6a70eedc...abb6a39e8372fa1a5078692244557946dc5f8197
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to