[Git][security-tracker-team/security-tracker][master] Add CVE-2019-6690/python-gnupg

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8c05f5a5 by Salvatore Bonaccorso at 2019-01-31T07:42:18Z
Add CVE-2019-6690/python-gnupg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1156,8 +1156,12 @@ CVE-2019-6692
        RESERVED
 CVE-2019-6691 (phpwind 9.0.2.170426 UTF8 allows SQL Injection via the ...)
        NOT-FOR-US: phpwind
-CVE-2019-6690
+CVE-2019-6690 [improper input validation in gnupg.GPG.encrypt() and 
gnupg.GPG.decrypt()]
        RESERVED
+       - python-gnupg 0.4.4-1
+       NOTE: 
https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
+       NOTE: 
https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112
+       NOTE: 
https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112
 CVE-2018-1000997 (A path traversal vulnerability exists in the Stapler web 
framework ...)
        NOT-FOR-US: Jenkins
 CVE-2019-6689



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c05f5a530cdd6b1252c4f82cc6749e275c43c5b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c05f5a530cdd6b1252c4f82cc6749e275c43c5b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits