[Secure-testing-commits] r39866 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Feb 23 20:41:37 UTC 2016


Author: carnil
Date: 2016-02-23 20:41:37 +0000 (Tue, 23 Feb 2016)
New Revision: 39866

Modified:
   data/CVE/list
Log:
More botan issues added

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-02-23 20:38:48 UTC (rev 39865)
+++ data/CVE/list	2016-02-23 20:41:37 UTC (rev 39866)
@@ -9547,14 +9547,26 @@
 	NOT-FOR-US: Adobe
 CVE-2015-7828 (SAP HANA Database 1.00 SPS10 and earlier do not require ...)
 	NOT-FOR-US: SAP HANA
-CVE-2015-7827
+CVE-2015-7827 [PKCS #1 v1.5 decoding was not constant time]
 	RESERVED
-CVE-2015-7826
+	- botan1.10 <unfixed>
+	NOTE: Fixed in 1.11.22. Affected all previous versions
+	NOTE: http://botan.randombit.net/security.html
+CVE-2015-7826 [Acceptance of invalid certificate names]
 	RESERVED
-CVE-2015-7825
+	- botan1.10 <not-affected> (Introduced in 1.11.0)
+	NOTE: Introduced in 1.11.0, fixed in 1.11.22
+	NOTE: http://botan.randombit.net/security.html
+CVE-2015-7825 [Infinite loop during certificate path validation]
 	RESERVED
-CVE-2015-7824
+	- botan1.10 <not-affected> (Introduced in 1.11.6)
+	NOTE: Introduced in 1.11.6, fixed in 1.11.22
+	NOTE: http://botan.randombit.net/security.html
+CVE-2015-7824 [Padding oracle attack on TLS]
 	RESERVED
+	- botan1.10 <not-affected> (Introduced in 1.11.0)
+	NOTE: Introduced in 1.11.0, fixed in 1.11.22
+	NOTE: http://botan.randombit.net/security.html
 CVE-2015-7823 (Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS ...)
 	NOT-FOR-US: Kentico CMS
 CVE-2015-7822 (Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 ...)
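
Review bot: The CVE-2015-7827 entry marks "- botan1.10 <unfixed>", but its only fix pointer is "NOTE: Fixed in 1.11.22", which is on the 1.11 branch and gives a botan1.10 maintainer nothing to backport from. Since the note also says "Affected all previous versions", consider adding a NOTE with the upstream fixing commit (or the 1.10.x release carrying the fix, if one exists) and a bug reference on the unfixed line, rather than only the generic security.html URL. Minor style point on the other three entries: the parenthesised reason on each "<not-affected>" line, e.g. "(Introduced in 1.11.0)", is repeated in the NOTE directly below it, so the NOTE could be reduced to the fixed-in version.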



