[Secure-testing-commits] r37248 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Thu Oct 22 18:42:14 UTC 2015
Author: hertzog
Date: 2015-10-22 18:42:14 +0000 (Thu, 22 Oct 2015)
New Revision: 37248
Modified:
data/CVE/list
Log:
CVE-2015-7940 assigned for bouncycastle issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-10-22 18:19:20 UTC (rev 37247)
+++ data/CVE/list 2015-10-22 18:42:14 UTC (rev 37248)
@@ -2,9 +2,6 @@
- drupal7 <unfixed>
NOTE: https://www.drupal.org/SA-CORE-2015-004
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/21/6
-CVE-2015-7940 [invalid curve attack on bouncycastle]
- TODO: check
- NOTE: http://openwall.com/lists/oss-security/2015/10/22/7
CVE-2015-7885
- linux <unfixed>
- linux-2.6 <removed>
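Review bot: The removed stub `CVE-2015-7940 [invalid curve attack on bouncycastle]` is the only place in these lines that names the attack class, while the entry that takes over the id further down in this patch keeps the vaguer label `[bouncycastle ecc leak]`. Consider carrying the bracketed description over when merging the duplicate, so that a search of data/CVE/list for "invalid curve" still finds the issue. Dropping `TODO: check` is fine, since the merged entry already records a package status and a bug number.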
@@ -2175,14 +2172,13 @@
CVE-2015-7337 (The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x ...)
- ipython <not-affected> (Affects versions 3.0 to 3.2.1)
NOTE: http://www.openwall.com/lists/oss-security/2015/09/16/3
-CVE-2015-XXXX [bouncycastle ecc leak]
+CVE-2015-7940 [bouncycastle ecc leak]
- bouncycastle <unfixed> (bug #802671)
[experimental] - bouncycastle 1.51-1
NOTE: https://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
NOTE: Commits: https://github.com/bcgit/bc-java/commit/5cb2f05
NOTE: Possibly needed to include as well: https://github.com/bcgit/bc-java/commit/e25e94a
NOTE: Peter Dettman <peter.dettman at bouncycastle.org> offered to assist if backporting fails and to review the result.
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/22/7
CVE-2015-6939 (Cross-site scripting (XSS) vulnerability in the login module in ...)
NOT-FOR-US: Joomla
CVE-2015-6936
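Review bot: Deleting `NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/22/7` at the end of the bouncycastle entry, together with the same URL removed with the stub earlier in this patch, leaves neither entry pointing at that oss-security thread. If the thread is where the assignment mentioned in the log message is recorded, keeping the URL as a plain `NOTE:` would preserve where the id came from. The `<unfixed>` status, the bug number and the two upstream commit NOTEs are untouched, so the rename from `CVE-2015-XXXX` does not change what the tracker reports for the package.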