Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f4adfc16 by Salvatore Bonaccorso at 2019-10-12T07:45:13Z
Add new CVE-2019-14853 and CVE-2019-14859 for python-ecdsa
Needs to be checked on the exact commits for each in case fixes want to
be backported.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7309,8 +7309,14 @@ CVE-2019-14861
RESERVED
CVE-2019-14860
RESERVED
-CVE-2019-14859
+CVE-2019-14859 [DER encoding is not being verified in signatures]
RESERVED
+ - python-ecdsa 0.13.3-1
+ NOTE: https://github.com/warner/python-ecdsa/issues/114
+ NOTE: Upstream patches:
+ NOTE: https://github.com/warner/python-ecdsa/pull/115
+ NOTE: https://github.com/warner/python-ecdsa/pull/124
+ NOTE: Fix for CVE-2019-14853 fixes as well CVE-2019-14859.
CVE-2019-14858 [sub parameters marked as no_log are not masked in certain
failure scenarios]
RESERVED
- ansible <undetermined>
@@ -7330,6 +7336,12 @@ CVE-2019-14854
NOT-FOR-US: OpenShift
CVE-2019-14853
RESERVED
+ - python-ecdsa 0.13.3-1
+ NOTE: https://github.com/warner/python-ecdsa/issues/114
+ NOTE: Upstream patches:
+ NOTE: https://github.com/warner/python-ecdsa/pull/115
+ NOTE: https://github.com/warner/python-ecdsa/pull/124
+ NOTE: Fix for CVE-2019-14853 fixes as well CVE-2019-14859.
CVE-2019-14852
RESERVED
CVE-2019-14851 [assertion failure by issuing commands in the wrong order]
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f4adfc1684715ff3f01704e7adba741c493f10be
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f4adfc1684715ff3f01704e7adba741c493f10be
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
