Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits: 76ab9aed by Ola Lundqvist at 2019-10-24T13:16:19Z Marking libcrypt++ CVE as no-dsa since it was done also for buster and stretch. Similar issues exist in libcrypt in the past and it was too not fixed. Since this is the last issue in the list it is also removed from dla-needed.txt. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -12511,6 +12511,7 @@ CVE-2019-14318 (Crypto++ 8.3.0 and earlier contains a timing side channel in ECD - libcrypto++ 5.6.4-9 (low; bug #934326) [buster] - libcrypto++ <no-dsa> (Minor issue) [stretch] - libcrypto++ <no-dsa> (Minor issue) + [jessie] - libcrypto++ <no-dsa> (Minor issue) NOTE: https://github.com/weidai11/cryptopp/issues/869 CVE-2019-14317 RESERVED ===================================== data/dla-needed.txt ===================================== @@ -59,8 +59,6 @@ libav NOTE: 20190831: might fix the issue. Furthermore, most libav bugs have PoCs, NOTE: 20190831: so there is something one can test with and see if the fix worked. -- -libcrypto++ --- libmatio (Adrian Bunk) NOTE: fairly high number of open issues. Not sure why we never had a look at them. NOTE: triage work needed, help security team for fixes if needed. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/76ab9aed7a11978a589c8a83a3d5d07371107490 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/76ab9aed7a11978a589c8a83a3d5d07371107490 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits