[Secure-testing-commits] r36656 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Sep 14 05:38:50 UTC 2015


Author: carnil
Date: 2015-09-14 05:38:50 +0000 (Mon, 14 Sep 2015)
New Revision: 36656

Modified:
   data/CVE/list
Log:
Mark libgcrypt as no-dsa

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-09-14 05:17:17 UTC (rev 36655)
+++ data/CVE/list	2015-09-14 05:38:50 UTC (rev 36656)
@@ -102,7 +102,10 @@
 	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2015-XXXX [hardening for RSA-CRT leak]
 	- libgcrypt11 <removed>
+	[wheezy] - libgcrypt11 <no-dsa> (Minor issue; additional hardening)
+	[squeeze] - libgcrypt11 <no-dsa> (Minor issue; additional hardening)
 	- libgcrypt20 <unfixed>
+	[jessie] - libgcrypt20 <no-dsa> (Minor issue; additional hardening)
 	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b85c8d6645039fc9d403791750510e439731d479
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/08/5
 	NOTE: Thread on oss-security to clarify if this should be CVE-2015-5738 or a new CVE




More information about the Secure-testing-commits mailing list