Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
76ab9aed by Ola Lundqvist at 2019-10-24T13:16:19Z
Marking libcrypt++ CVE as no-dsa since it was done also for buster and stretch.
Similar issues exist in libcrypt in the past and it was too not fixed. Since
this is the last issue in the list it is also removed from dla-needed.txt.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -12511,6 +12511,7 @@ CVE-2019-14318 (Crypto++ 8.3.0 and earlier contains a
timing side channel in ECD
- libcrypto++ 5.6.4-9 (low; bug #934326)
[buster] - libcrypto++ <no-dsa> (Minor issue)
[stretch] - libcrypto++ <no-dsa> (Minor issue)
+ [jessie] - libcrypto++ <no-dsa> (Minor issue)
NOTE: https://github.com/weidai11/cryptopp/issues/869
CVE-2019-14317
RESERVED
=====================================
data/dla-needed.txt
=====================================
@@ -59,8 +59,6 @@ libav
NOTE: 20190831: might fix the issue. Furthermore, most libav bugs have PoCs,
NOTE: 20190831: so there is something one can test with and see if the fix
worked.
--
-libcrypto++
---
libmatio (Adrian Bunk)
NOTE: fairly high number of open issues. Not sure why we never had a look at
them.
NOTE: triage work needed, help security team for fixes if needed.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/76ab9aed7a11978a589c8a83a3d5d07371107490
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/76ab9aed7a11978a589c8a83a3d5d07371107490
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
