Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 48e66bd2 by Salvatore Bonaccorso at 2018-04-16T06:52:06+02:00 Mark CVE-2018-6594 as fixed There are pending issues upstream, which might require an interface change. Basically anyway, upstream feels this is not an issue in the library itself but in an application using it in an insecure manner. See as well the corresponding gnupg/libgcyrpt* CVE. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -9177,7 +9177,7 @@ CVE-2018-6595 RESERVED CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates ...) - pycryptodome 3.4.11-1 (bug #889998) - - python-crypto <unfixed> (bug #889999) + - python-crypto 2.6.1-9 (bug #889999) [stretch] - python-crypto <no-dsa> (Minor issue) [jessie] - python-crypto <no-dsa> (Minor issue) [wheezy] - python-crypto <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/48e66bd2b40fd564e85e9f42f90e82086cd2847c --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/48e66bd2b40fd564e85e9f42f90e82086cd2847c You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits