[Secure-testing-commits] r36705 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Sep 16 06:25:23 UTC 2015
Author: jmm
Date: 2015-09-16 06:25:19 +0000 (Wed, 16 Sep 2015)
New Revision: 36705
Modified:
data/CVE/list
Log:
new bouncycastle issue
n-m no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-15 22:12:17 UTC (rev 36704)
+++ data/CVE/list 2015-09-16 06:25:19 UTC (rev 36705)
@@ -1,3 +1,7 @@
+CVE-2015-XXXX [bouncycastle ecc leak]
+ - bouncycastle <unfixed>
+ [experimental] - bouncycastle 1.51-1
+ NOTE: http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
CVE-2015-6939
RESERVED
CVE-2015-6936
@@ -21063,6 +21067,7 @@
NOTE: Patch for the kernel to harden against invalid MTUs: http://article.gmane.org/gmane.linux.network/351269
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac (v4.0-rc3)
- network-manager <unfixed>
+ [jessie] - network-manager <no-dsa> (Will be fixed on the kernel side)
[wheezy] - network-manager <not-affected> (code introduced in 0.9.10)
[squeeze] - network-manager <not-affected> (code introduced in 0.9.10)
NOTE: Commit for NetworkManager: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9
More information about the Secure-testing-commits
mailing list