[Secure-testing-commits] r38708 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2016-01-05 05:40:06 +0000 (Tue, 05 Jan 2016)
New Revision: 38708

Modified:
   data/CVE/list
Log:
Add CVE-2016-1494/python-rsa

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-05 04:11:33 UTC (rev 38707)
+++ data/CVE/list	2016-01-05 05:40:06 UTC (rev 38708)
@@ -1,3 +1,8 @@
+CVE-2016-1494 [signature forgery]
+	- python-rsa <unfixed>
+	NOTE: Fix: https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff
+	NOTE: https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/
+	TODO: check
 CVE-2015-8604 [SQL Injection in graphs_new.php]
 	- cacti <unfixed>
 	NOTE: http://bugs.cacti.net/view.php?id=2652