[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: triage ipython as ignored in wheezy instead of just no-dsa

Antoine Beaupré Wed, 11 Apr 2018 13:22:00 -0700

Antoine Beaupré pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e0d312af by Antoine Beaupré at 2018-04-11T16:19:56-04:00
triage ipython as ignored in wheezy instead of just no-dsa

we do not need to look back into that so use the more standard
approach to fixing this.

- - - - -
0e4f8bf1 by Antoine Beaupré at 2018-04-11T16:19:57-04:00
triage libgcrypt out of lts

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3094,7 +3094,7 @@ CVE-2017-18239 (A time-sensitive equality check on the 
JWT signature in the ...)
 CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook 
file ...)
        - jupyter-notebook 5.4.1-1 (bug #893436)
        - ipython 5.1.0-2
-       [wheezy] - ipython <no-dsa> (requires implementation of sanitization 
first, see NOTES)
+       [wheezy] - ipython <ignored> (Too invasive to fix)
        NOTE: After the reupload of ipython to Debian as 4.1.2-1 via 
experimental
        NOTE: src:ipython does not provide anymore the Notebook
        NOTE: http://www.openwall.com/lists/oss-security/2018/03/15/2
@@ -8288,6 +8288,7 @@ CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 
1.8.2, when used to encrypt
        - libgcrypt11 <removed> (unimportant)
        - gnupg1 <unfixed> (unimportant)
        - gnupg <removed> (unimportant)
+       [wheezy] libgcrypt <no-dsa> (unimportant)
        NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal
        NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
        NOTE: 
https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -52,8 +52,6 @@ libav (Hugo Lefeuvre)
   NOTE: I am currently working on CVE triage but I will not be able to process 
the whole backlog until May.
   NOTE: Help is welcome, feel free to mail Hugo.
 --
-libgcrypt11
---
 libmad (Kurt Roeckx)
 --
 libraw



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/3a3e2c2844f1164ba8e611ef91d7d248b872e33f...0e4f8bf1085ccfaf8f0ce2bc81e80a1d002aa4ba

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/3a3e2c2844f1164ba8e611ef91d7d248b872e33f...0e4f8bf1085ccfaf8f0ce2bc81e80a1d002aa4ba
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: triage ipython as ignored in wheezy instead of just no-dsa

Reply via email to