[Secure-testing-commits] r36656 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Sep 14 05:38:50 UTC 2015
Author: carnil
Date: 2015-09-14 05:38:50 +0000 (Mon, 14 Sep 2015)
New Revision: 36656
Modified:
data/CVE/list
Log:
Mark libgcrypt as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-14 05:17:17 UTC (rev 36655)
+++ data/CVE/list 2015-09-14 05:38:50 UTC (rev 36656)
@@ -102,7 +102,10 @@
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2015-XXXX [hardening for RSA-CRT leak]
- libgcrypt11 <removed>
+ [wheezy] - libgcrypt11 <no-dsa> (Minor issue; additional hardening)
+ [squeeze] - libgcrypt11 <no-dsa> (Minor issue; additional hardening)
- libgcrypt20 <unfixed>
+ [jessie] - libgcrypt20 <no-dsa> (Minor issue; additional hardening)
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b85c8d6645039fc9d403791750510e439731d479
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/08/5
NOTE: Thread on oss-security to clarify if this should be CVE-2015-5738 or a new CVE
More information about the Secure-testing-commits
mailing list