[Secure-testing-commits] r39866 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Feb 23 20:41:37 UTC 2016
Author: carnil
Date: 2016-02-23 20:41:37 +0000 (Tue, 23 Feb 2016)
New Revision: 39866
Modified:
data/CVE/list
Log:
More botan issues added
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-23 20:38:48 UTC (rev 39865)
+++ data/CVE/list 2016-02-23 20:41:37 UTC (rev 39866)
@@ -9547,14 +9547,26 @@
NOT-FOR-US: Adobe
CVE-2015-7828 (SAP HANA Database 1.00 SPS10 and earlier do not require ...)
NOT-FOR-US: SAP HANA
-CVE-2015-7827
+CVE-2015-7827 [PKCS #1 v1.5 decoding was not constant time]
RESERVED
-CVE-2015-7826
+ - botan1.10 <unfixed>
+ NOTE: Fixed in 1.11.22. Affected all previous versions
+ NOTE: http://botan.randombit.net/security.html
+CVE-2015-7826 [Acceptance of invalid certificate names]
RESERVED
-CVE-2015-7825
+ - botan1.10 <not-affected> (Introduced in 1.11.0)
+ NOTE: Introduced in 1.11.0, fixed in 1.11.22
+ NOTE: http://botan.randombit.net/security.html
+CVE-2015-7825 [Infinite loop during certificate path validation]
RESERVED
-CVE-2015-7824
+ - botan1.10 <not-affected> (Introduced in 1.11.6)
+ NOTE: Introduced in 1.11.6, fixed in 1.11.22
+ NOTE: http://botan.randombit.net/security.html
+CVE-2015-7824 [Padding oracle attack on TLS]
RESERVED
+ - botan1.10 <not-affected> (Introduced in 1.11.0)
+ NOTE: Introduced in 1.11.0, fixed in 1.11.22
+ NOTE: http://botan.randombit.net/security.html
CVE-2015-7823 (Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS ...)
NOT-FOR-US: Kentico CMS
CVE-2015-7822 (Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 ...)
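Review bot: The CVE-2015-7827 entry marks botan1.10 as <unfixed>, but its NOTE only names the fixed release (1.11.22) and links the general security page, with no reference to the upstream fix that a backport to the 1.10 branch would start from. Adding a NOTE with the upstream commit once it is identified would make the entry actionable. In the three <not-affected> entries (CVE-2015-7826, CVE-2015-7825, CVE-2015-7824) the "Introduced in 1.11.x" reason appears both in the parenthetical on the package line and again in the NOTE; the NOTE could be shortened to "Fixed in 1.11.22". The hunk tracks only botan1.10, so if a 1.11-series source package is also in the archive, these three CVEs need a line for it as well.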