Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
205e8413 by Salvatore Bonaccorso at 2018-02-16T21:30:36+01:00
Update status for CVE-2018-6829/{gnupg,gnupg1}
The libgcrypt implementation in gnupg1/gnupg would still be affected but
the GnuPG not using ElGamal for directly encrypting messages. As such
mark with severity unimportant.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -854,12 +854,12 @@ CVE-2018-6830
CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2, when used to
encrypt ...)
- libgcrypt20 <unfixed>
- libgcrypt11 <removed>
- - gnupg1 <not-affected>
- - gnupg <not-affected>
+ - gnupg1 <unfixed> (unimportant)
+ - gnupg <removed> (unimportant)
NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal
NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
NOTE:
https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
- NOTE: GnuPG uses elgamal in hybrid mode so it is not affected
+ NOTE: GnuPG uses ElGamal in hybrid mode only.
CVE-2018-6828
RESERVED
CVE-2018-6827 (VOBOT CLOCK before 0.99.30 devices do not verify X.509
certificates ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/205e8413b32ec945f73cba1c06586c4cc23a00c5
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/205e8413b32ec945f73cba1c06586c4cc23a00c5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
