Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
51c61899 by Salvatore Bonaccorso at 2019-03-15T07:23:03Z
Reference review patches for CVE-2017-17689
- - - - -
d321795a by Salvatore Bonaccorso at 2019-03-15T07:26:08Z
CVE-2017-17689: reference upstream tags containing the patches
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -72291,6 +72291,9 @@ CVE-2017-17689 (The S/MIME specification allows a
Cipher Block Chaining (CBC) ..
NOTE: https://dot.kde.org/2018/05/15/efail-and-kmail
NOTE: protocol vulnerability can't be fixed in implementations but they
can prevent exploitation by disabling loading of remote content
NOTE: kmail bug is #898634, but src:kmail is not affected, the code in
question is in kf5-messagelib
+ NOTE: kf5-messagelib: https://phabricator.kde.org/D12391 (v18.04.1)
+ NOTE: kf5-messagelib: https://phabricator.kde.org/D12393 (v18.04.1)
+ NOTE: kmail: https://phabricator.kde.org/D12394
CVE-2017-17688 (** DISPUTED ** The OpenPGP specification allows a Cipher
Feedback Mode ...)
- enigmail 2:2.0.6.1-4 (bug #898630)
[jessie] - enigmail <end-of-life> (see
https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/c0b7bb548198e2d93887737f31d3a66bb80f7105...d321795ab3df40e543943f4e486b1c3423dd4db9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/c0b7bb548198e2d93887737f31d3a66bb80f7105...d321795ab3df40e543943f4e486b1c3423dd4db9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
