Author: carnil
Date: 2015-10-01 04:02:09 +0000 (Thu, 01 Oct 2015)
New Revision: 36927
Modified:
data/CVE/list
Log:
Update information for bouncycastle
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-10-01 03:24:26 UTC (rev 36926)
+++ data/CVE/list 2015-10-01 04:02:09 UTC (rev 36927)
@@ -1400,8 +1400,9 @@
CVE-2015-XXXX [bouncycastle ecc leak]
- bouncycastle <unfixed>
[experimental] - bouncycastle 1.51-1
- NOTE:
http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
- NOTE: 2015-09-28: Mail sent to upstream authors to ask for commits to
backport (possibly https://github.com/bcgit/bc-java/commit/5cb2f05). --Raphael
Hertzog
+ NOTE:
https://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
+ NOTE: Commits: https://github.com/bcgit/bc-java/commit/5cb2f05
+ NOTE: Possibly needed to include as well:
hptts://github.com/bcgit/bc-java/commit/e25e94a
CVE-2015-6939 (Cross-site scripting (XSS) vulnerability in the login module in
...)
NOT-FOR-US: Joomla
CVE-2015-6936
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
