Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits: fd006adc by Brian May at 2018-04-10T17:02:13+10:00 Annotate CVE-2018-6594 * Mark no-dsa in wheezy. * Add comment about why this isn't being fixed upstream. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -8659,11 +8659,14 @@ CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generat - python-crypto <unfixed> (bug #889999) [stretch] - python-crypto <no-dsa> (Minor issue) [jessie] - python-crypto <no-dsa> (Minor issue) + [wheezy] - python-crypto <no-dsa> (Minor issue) NOTE: PyCrypto: https://github.com/dlitz/pycrypto/issues/253 NOTE: The issue is found as well in pycryptodome (fork from python-crypto) NOTE: PyCryptodome: https://github.com/Legrandin/pycryptodome/issues/90 NOTE: PyCrytpodome: https://github.com/Legrandin/pycryptodome/commit/99c27a3b9e8a884bbde0e88c63234b669d4398d8 (3.4.10) NOTE: See further discussion as per https://github.com/Legrandin/pycryptodome/issues/90#issuecomment-362783537 + NOTE: Upstream feels that this is not a vulnerability in pycryptodome/python-crypto, + NOTE: but in an application using it in an insecure manner. CVE-2018-6593 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper ...) NOT-FOR-US: MalwareFox AntiMalware CVE-2018-6592 (Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fd006adcdd7c86fc658b4efabf17327a7e8100d6 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fd006adcdd7c86fc658b4efabf17327a7e8100d6 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits