[Git][security-tracker-team/security-tracker][master] Add note on CVE-2020-25658 and incorrect fix upstream

Salvatore Bonaccorso (@carnil) Sat, 25 Sep 2021 23:59:49 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
50adb3c4 by Salvatore Bonaccorso at 2021-09-26T08:58:56+02:00
Add note on CVE-2020-25658 and incorrect fix upstream

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69817,6 +69817,8 @@ CVE-2020-25658 (It was found that python-rsa is 
vulnerable to Bleichenbacher tim
        [buster] - python-rsa <no-dsa> (Minor issue)
        [stretch] - python-rsa <no-dsa> (Minor issue)
        NOTE: https://github.com/sybrenstuvel/python-rsa/issues/165
+       NOTE: Presumed fix upstream in 4.7 does not address the issue:
+       NOTE: 
https://github.com/sybrenstuvel/python-rsa/issues/165#issuecomment-727580521
 CVE-2020-25657 (A flaw was found in all released versions of m2crypto, where 
they are  ...)
        - m2crypto <unfixed> (bug #975002)
        [bullseye] - m2crypto <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50adb3c4e01b3690f9000700170dc7a3bc1a9e81

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50adb3c4e01b3690f9000700170dc7a3bc1a9e81
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add note on CVE-2020-25658 and incorrect fix upstream

Reply via email to