[Secure-testing-commits] r39835 - data/CVE
Ben Hutchings
benh at moszumanska.debian.org
Tue Feb 23 13:00:58 UTC 2016
Author: benh
Date: 2016-02-23 13:00:56 +0000 (Tue, 23 Feb 2016)
New Revision: 39835
Modified:
data/CVE/list
Log:
Add details of CVE-2016-0739 and CVE-2016-0787
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-23 12:42:50 UTC (rev 39834)
+++ data/CVE/list 2016-02-23 13:00:56 UTC (rev 39835)
@@ -5316,8 +5316,9 @@
RESERVED
CVE-2016-0788
RESERVED
-CVE-2016-0787
- RESERVED
+CVE-2016-0787 (Weak Diffie-Hellman secret generation in libssh2 before 1.7.0)
+ - libssh2 <unfixed>
+ NOTE: Upstream patch only fixes DH SHA-256 key exchange type, not DH SHA-1
CVE-2016-0786
RESERVED
CVE-2016-0785
@@ -5490,8 +5491,8 @@
NOTE: Issue when linked against libtiff >= 4.0.0
NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e (3.1.1)
NOTE: Introduced by: https://github.com/python-pillow/Pillow/commit/e782fe721e0156de9636e78cd881d9f9e7e6ce50 (2.0.0)
-CVE-2016-0739
- RESERVED
+CVE-2016-0739 (Weak Diffie-Hellman secret generation in libssh)
+ - libssh <unfixed>
CVE-2016-0738 (OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x ...)
- swift 2.5.0-3 (bug #812984)
NOTE: Swift: >=2.2.1 <= 2.3.0, >= 2.4.0 <= 2.5.0
More information about the Secure-testing-commits
mailing list