Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 205e8413 by Salvatore Bonaccorso at 2018-02-16T21:30:36+01:00 Update status for CVE-2018-6829/{gnupg,gnupg1} The libgcrypt implementation in gnupg1/gnupg would still be affected but the GnuPG not using ElGamal for directly encrypting messages. As such mark with severity unimportant. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -854,12 +854,12 @@ CVE-2018-6830 CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt ...) - libgcrypt20 <unfixed> - libgcrypt11 <removed> - - gnupg1 <not-affected> - - gnupg <not-affected> + - gnupg1 <unfixed> (unimportant) + - gnupg <removed> (unimportant) NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html - NOTE: GnuPG uses elgamal in hybrid mode so it is not affected + NOTE: GnuPG uses ElGamal in hybrid mode only. CVE-2018-6828 RESERVED CVE-2018-6827 (VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/205e8413b32ec945f73cba1c06586c4cc23a00c5 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/205e8413b32ec945f73cba1c06586c4cc23a00c5 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits