[Secure-testing-commits] r36927 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Oct 1 04:02:10 UTC 2015
Author: carnil
Date: 2015-10-01 04:02:09 +0000 (Thu, 01 Oct 2015)
New Revision: 36927
Modified:
data/CVE/list
Log:
Update information for bouncycastle
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-10-01 03:24:26 UTC (rev 36926)
+++ data/CVE/list 2015-10-01 04:02:09 UTC (rev 36927)
@@ -1400,8 +1400,9 @@
CVE-2015-XXXX [bouncycastle ecc leak]
- bouncycastle <unfixed>
[experimental] - bouncycastle 1.51-1
- NOTE: http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
- NOTE: 2015-09-28: Mail sent to upstream authors to ask for commits to backport (possibly https://github.com/bcgit/bc-java/commit/5cb2f05). --Raphael Hertzog
+ NOTE: https://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
+ NOTE: Commits: https://github.com/bcgit/bc-java/commit/5cb2f05
+ NOTE: Possibly needed to include as well: hptts://github.com/bcgit/bc-java/commit/e25e94a
CVE-2015-6939 (Cross-site scripting (XSS) vulnerability in the login module in ...)
NOT-FOR-US: Joomla
CVE-2015-6936
More information about the Secure-testing-commits
mailing list