[Git][security-tracker-team/security-tracker][master] mark gnupg1 as unimportant

Mon, 24 Apr 2023 14:03:06 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
19fcbd79 by Moritz Muehlenhoff at 2023-04-24T23:02:30+02:00
mark gnupg1 as unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -273843,11 +273843,7 @@ CVE-2019-14855 (A flaw was found in the way 
certificate signatures could be forg
        [buster] - gnupg2 <ignored> (Minor issue)
        [stretch] - gnupg2 <no-dsa> (Minor issue)
        [jessie] - gnupg2 <ignored> (No backport to version << 2.2.x, low 
impact, danger of breaking things)
-       - gnupg1 <unfixed> (low)
-       [bookworm] - gnupg1 <ignored> (Minor issue)
-       [bullseye] - gnupg1 <ignored> (Minor issue)
-       [buster] - gnupg1 <ignored> (Minor issue)
-       [stretch] - gnupg1 <no-dsa> (Minor issue)
+       - gnupg1 <unfixed> (unimportant)
        - gnupg <removed> (low)
        [jessie] - gnupg <ignored> (No backport to version << 2.2.x, low 
impact, danger of breaking things)
        NOTE: https://dev.gnupg.org/T4755
@@ -273855,6 +273851,7 @@ CVE-2019-14855 (A flaw was found in the way 
certificate signatures could be forg
        NOTE: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=7d9aad63c4f1aefe97da61baf5acd96c12c0278e
        NOTE: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=dd18be979e138dd3712315ee390463e8ee1fe8c1
        NOTE: https://eprint.iacr.org/2020/014.pdf
+       NOTE: Negligible security impact for gnupg1 which is only provided to 
decrypt legacy secrets
 CVE-2019-14854 (OpenShift Container Platform 4 does not sanitize secret data 
written t ...)
        NOT-FOR-US: OpenShift
 CVE-2019-14853 (An error-handling flaw was found in python-ecdsa before 
version 0.13.3 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19fcbd79fc2331d7cbad6ab1907e11d919f80a9c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19fcbd79fc2331d7cbad6ab1907e11d919f80a9c
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to