[Secure-testing-commits] r47557 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 29 15:43:31 UTC 2016
Author: carnil
Date: 2016-12-29 15:43:31 +0000 (Thu, 29 Dec 2016)
New Revision: 47557
Modified:
data/CVE/list
Log:
Mark python-crypto as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-29 10:57:21 UTC (rev 47556)
+++ data/CVE/list 2016-12-29 15:43:31 UTC (rev 47557)
@@ -21198,8 +21198,12 @@
RESERVED
CVE-2013-7459 [Buffer overflow]
- python-crypto 2.6.1-7 (bug #849495)
+ [jessie] - python-crypto <no-dsa> (Minor issue)
NOTE: https://github.com/dlitz/pycrypto/issues/176
NOTE: Fixed by: https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
+ NOTE: All users of pycrypto's AES module in Debian that allow the mode
+ NOTE: of operation to be specified from outside check for ECB explicitly
+ NOTE: and create the objects without specifying an IV.
CVE-2013-7458 (linenoise, as used in Redis before 3.2.3, uses world-readable ...)
{DSA-3634-1 DLA-577-1}
- redis 2:3.2.1-4 (bug #832460)
More information about the Secure-testing-commits
mailing list