[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2019-12904 for libgcrypt as not-affected in jessie

Sat, 29 Jun 2019 14:56:47 -0700 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
43cf9ee6 by Thorsten Alteholz at 2019-06-29T21:48:21Z
mark CVE-2019-12904 for libgcrypt as not-affected in jessie

- - - - -
0046b19c by Thorsten Alteholz at 2019-06-29T21:48:51Z
libgcrypt is not affected in jessie

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -347,6 +347,7 @@ CVE-2019-12905 (FileRun 2019.05.21 allows XSS via the 
filename to the ?module=fi
 CVE-2019-12904 (In Libgcrypt 1.8.4, the C implementation of AES is vulnerable 
to a flu ...)
        - libgcrypt20 <unfixed> (bug #930885)
        - libgcrypt11 <removed>
+       [jessie] - libgcrypt20 <not-affected> (Vulnerable code introduced later 
in version 1.7.0)
        NOTE: https://dev.gnupg.org/T4541
        NOTE: 
https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
        NOTE: 
https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762


=====================================
data/dla-needed.txt
=====================================
@@ -57,8 +57,6 @@ libav
   NOTE: 20190529: has been found, so far. If you pick libav, be prepared to 
work
   NOTE: 20190529: out patches yourself.
 --
-libgcrypt20 (Thorsten Alteholz)
---
 libmatio (Adrian Bunk)
   NOTE: fairly high number of open issues. Not sure why we never had a look at 
them.
   NOTE: triage work needed, help security team for fixes if needed.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/fd484a964f2f92b31ed89bc2f739621ff7380d0b...0046b19c933f73a1a7240b72933d3e347e9976db

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/fd484a964f2f92b31ed89bc2f739621ff7380d0b...0046b19c933f73a1a7240b72933d3e347e9976db
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to