[Secure-testing-commits] r47101 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Thu Dec 15 12:52:27 UTC 2016
Author: apo
Date: 2016-12-15 12:52:27 +0000 (Thu, 15 Dec 2016)
New Revision: 47101
Modified:
data/CVE/list
Log:
simplesamlphp, incorrect signature verification, mark as no-dsa for Wheezy
with the same reasoning as CVE-2016-9814 because the circumstances to use this
flaw are hard to achieve and SimpleSAMLphp itself does not support DSA
signatures or keys.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-15 12:13:29 UTC (rev 47100)
+++ data/CVE/list 2016-12-15 12:52:27 UTC (rev 47101)
@@ -37,6 +37,7 @@
CVE-2016-XXXX [Incorrect signature verification]
- simplesamlphp 1.14.11-1 (low)
[jessie] - simplesamlphp <no-dsa> (Minor issue)
+ [wheezy] - simplesamlphp <no-dsa> (Minor issue)
NOTE: https://simplesamlphp.org/security/201612-02
NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/a2326d75dd14accaac162dd2cb30aaefcc1f9205
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/14/7
More information about the Secure-testing-commits
mailing list