[Secure-testing-commits] r58583 - data/CVE

Salvatore Bonaccorso Thu, 14 Dec 2017 12:16:36 -0800

Author: carnil
Date: 2017-12-14 20:16:16 +0000 (Thu, 14 Dec 2017)
New Revision: 58583


Modified:
   data/CVE/list
Log:
Update information for CVE-2017-13098/bouncycastle

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-14 19:45:29 UTC (rev 58582)
+++ data/CVE/list       2017-12-14 20:16:16 UTC (rev 58583)
@@ -17656,9 +17656,11 @@
        NOTE: https://robotattack.org/
 CVE-2017-13098 (BouncyCastle TLS prior to version 1.0.3, when configured to 
use the ...)
        - bouncycastle <unfixed> (bug #884241)
+       [jessie] - bouncycastle <not-affected> (Vulnerable code introduced in 
1.56 with tls API addition)
        [wheezy] - bouncycastle <not-affected> (Vulnerable code not present)
+       NOTE: Introduced by: 
https://github.com/bcgit/bc-java/commit/9b53e60792e14c65cd1dbfad65e88ec5949ce4b3
+       NOTE: Fixed by: 
https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c
        NOTE: Fixed in 1.59 beta 9
-       NOTE: Fixed by: 
https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c
        NOTE: https://robotattack.org/
 CVE-2017-13097
        RESERVED


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58583 - data/CVE

Reply via email to