[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Annotate CVE-2018-6594

Tue, 10 Apr 2018 00:16:13 -0700 

Brian May pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd006adc by Brian May at 2018-04-10T17:02:13+10:00
Annotate CVE-2018-6594

* Mark no-dsa in wheezy.
* Add comment about why this isn't being fixed upstream.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8659,11 +8659,14 @@ CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in 
PyCrypto through 2.6.1 generat
        - python-crypto <unfixed> (bug #889999)
        [stretch] - python-crypto <no-dsa> (Minor issue)
        [jessie] - python-crypto <no-dsa> (Minor issue)
+       [wheezy] - python-crypto <no-dsa> (Minor issue)
        NOTE: PyCrypto: https://github.com/dlitz/pycrypto/issues/253
        NOTE: The issue is found as well in pycryptodome (fork from 
python-crypto)
        NOTE: PyCryptodome: https://github.com/Legrandin/pycryptodome/issues/90
        NOTE: PyCrytpodome: 
https://github.com/Legrandin/pycryptodome/commit/99c27a3b9e8a884bbde0e88c63234b669d4398d8
 (3.4.10)
        NOTE: See further discussion as per 
https://github.com/Legrandin/pycryptodome/issues/90#issuecomment-362783537
+       NOTE: Upstream feels that this is not a vulnerability in 
pycryptodome/python-crypto,
+       NOTE: but in an application using it in an insecure manner.
 CVE-2018-6593 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. 
Improper ...)
        NOT-FOR-US: MalwareFox AntiMalware
 CVE-2018-6592 (Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow 
local ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fd006adcdd7c86fc658b4efabf17327a7e8100d6

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fd006adcdd7c86fc658b4efabf17327a7e8100d6
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to