[Secure-testing-commits] r39450 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Feb 4 10:06:43 UTC 2016
Author: carnil
Date: 2016-02-04 10:06:42 +0000 (Thu, 04 Feb 2016)
New Revision: 39450
Modified:
data/CVE/list
Log:
Add descriptions for nettle CVEs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-04 09:28:29 UTC (rev 39449)
+++ data/CVE/list 2016-02-04 10:06:42 UTC (rev 39450)
@@ -241,18 +241,18 @@
CVE-2015-8806 [Heap-buffer overread in libxml2/dict.c]
- libxml2 <unfixed> (bug #813613)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=749115
-CVE-2015-8805
+CVE-2015-8805 [miscomputation bugs in secp-256r1 modulo functions]
- nettle <unfixed>
[wheezy] - nettle <not-affected> (Vulnerable code not present)
[squeeze] - nettle <not-affected> (Vulnerable code not present)
NOTE: https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
-CVE-2015-8804
+CVE-2015-8804 [Miscalculations on secp384 curve]
- nettle <unfixed>
[wheezy] - nettle <not-affected> (Vulnerable code not present)
[squeeze] - nettle <not-affected> (Vulnerable code not present)
NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003024.html
NOTE: https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7
-CVE-2015-8803
+CVE-2015-8803 [secp256 calculation bug]
- nettle <unfixed>
[wheezy] - nettle <not-affected> (Vulnerable code not present)
[squeeze] - nettle <not-affected> (Vulnerable code not present)
More information about the Secure-testing-commits
mailing list