[Secure-testing-commits] r36539 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Sep 8 10:16:21 UTC 2015
Author: carnil
Date: 2015-09-08 10:16:21 +0000 (Tue, 08 Sep 2015)
New Revision: 36539
Modified:
data/CVE/list
Log:
Add libgcrypt issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-08 06:12:51 UTC (rev 36538)
+++ data/CVE/list 2015-09-08 10:16:21 UTC (rev 36539)
@@ -1,3 +1,9 @@
+CVE-2015-XXXX [hardening for RSA-CRT leak]
+ - libgcrypt11 <removed>
+ - libgcrypt20 <unfixed>
+ NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b85c8d6645039fc9d403791750510e439731d479
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/08/5
+ NOTE: Thread on oss-security to clarify if this should be CVE-2015-5738 or a new CVE
CVE-2015-XXXX [IP address exposure in FTP code]
- wget <unfixed>
NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=075d7556964f5a871a73c22ac4b69f5361295099
More information about the Secure-testing-commits
mailing list