[Secure-testing-commits] r33330 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Apr 2 05:23:32 UTC 2015


Author: carnil
Date: 2015-04-02 05:23:32 +0000 (Thu, 02 Apr 2015)
New Revision: 33330

Modified:
   data/CVE/list
Log:
Add temporary item for the jwt issues, needs to be checked and entry updated/corrected

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-04-02 04:46:09 UTC (rev 33329)
+++ data/CVE/list	2015-04-02 05:23:32 UTC (rev 33330)
@@ -1,3 +1,9 @@
+CVE-2015-XXXX [Signature Bypass in several JSON Web Token Libraries]
+	- pyjwt <unfixed> (bug #781640)
+	- ruby-jwt <unfixed>
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/01/4
+	NOTE: https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
+	TODO: check (various libraries)
 CVE-2015-2810
 	RESERVED
 CVE-2015-2809 (The Multicast DNS (mDNS) responder in Synology DiskStation Manager ...)




More information about the Secure-testing-commits mailing list