Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fd006adc by Brian May at 2018-04-10T17:02:13+10:00
Annotate CVE-2018-6594
* Mark no-dsa in wheezy.
* Add comment about why this isn't being fixed upstream.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8659,11 +8659,14 @@ CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in
PyCrypto through 2.6.1 generat
- python-crypto <unfixed> (bug #889999)
[stretch] - python-crypto <no-dsa> (Minor issue)
[jessie] - python-crypto <no-dsa> (Minor issue)
+ [wheezy] - python-crypto <no-dsa> (Minor issue)
NOTE: PyCrypto: https://github.com/dlitz/pycrypto/issues/253
NOTE: The issue is found as well in pycryptodome (fork from
python-crypto)
NOTE: PyCryptodome: https://github.com/Legrandin/pycryptodome/issues/90
NOTE: PyCrytpodome:
https://github.com/Legrandin/pycryptodome/commit/99c27a3b9e8a884bbde0e88c63234b669d4398d8
(3.4.10)
NOTE: See further discussion as per
https://github.com/Legrandin/pycryptodome/issues/90#issuecomment-362783537
+ NOTE: Upstream feels that this is not a vulnerability in
pycryptodome/python-crypto,
+ NOTE: but in an application using it in an insecure manner.
CVE-2018-6593 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150.
Improper ...)
NOT-FOR-US: MalwareFox AntiMalware
CVE-2018-6592 (Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow
local ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fd006adcdd7c86fc658b4efabf17327a7e8100d6
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fd006adcdd7c86fc658b4efabf17327a7e8100d6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
