Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker
Commits: e0d312af by Antoine Beaupré at 2018-04-11T16:19:56-04:00 triage ipython as ignored in wheezy instead of just no-dsa we do not need to look back into that so use the more standard approach to fixing this. - - - - - 0e4f8bf1 by Antoine Beaupré at 2018-04-11T16:19:57-04:00 triage libgcrypt out of lts - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -3094,7 +3094,7 @@ CVE-2017-18239 (A time-sensitive equality check on the JWT signature in the ...) CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook file ...) - jupyter-notebook 5.4.1-1 (bug #893436) - ipython 5.1.0-2 - [wheezy] - ipython <no-dsa> (requires implementation of sanitization first, see NOTES) + [wheezy] - ipython <ignored> (Too invasive to fix) NOTE: After the reupload of ipython to Debian as 4.1.2-1 via experimental NOTE: src:ipython does not provide anymore the Notebook NOTE: http://www.openwall.com/lists/oss-security/2018/03/15/2 @@ -8288,6 +8288,7 @@ CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt - libgcrypt11 <removed> (unimportant) - gnupg1 <unfixed> (unimportant) - gnupg <removed> (unimportant) + [wheezy] libgcrypt <no-dsa> (unimportant) NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html ===================================== data/dla-needed.txt ===================================== --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -52,8 +52,6 @@ libav (Hugo Lefeuvre) NOTE: I am currently working on CVE triage but I will not be able to process the whole backlog until May. NOTE: Help is welcome, feel free to mail Hugo. -- -libgcrypt11 --- libmad (Kurt Roeckx) -- libraw View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/3a3e2c2844f1164ba8e611ef91d7d248b872e33f...0e4f8bf1085ccfaf8f0ce2bc81e80a1d002aa4ba --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/3a3e2c2844f1164ba8e611ef91d7d248b872e33f...0e4f8bf1085ccfaf8f0ce2bc81e80a1d002aa4ba You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits