[Secure-testing-commits] r38735 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Jan 6 18:04:12 UTC 2016
Author: carnil
Date: 2016-01-06 18:04:12 +0000 (Wed, 06 Jan 2016)
New Revision: 38735
Modified:
data/CVE/list
Log:
Add bug reference for python-rsa issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-06 17:43:07 UTC (rev 38734)
+++ data/CVE/list 2016-01-06 18:04:12 UTC (rev 38735)
@@ -448,7 +448,7 @@
NOTE: Introduced by: https://git.kernel.org/linus/ec011fe847347b40c60fdb5085f65227762e2e08 (v3.13-rc1)
CVE-2016-1494 [signature forgery]
RESERVED
- - python-rsa <unfixed>
+ - python-rsa <unfixed> (bug #809980)
NOTE: proposed fix: https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff
NOTE: proposed fix not yet merged
NOTE: https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/
More information about the Secure-testing-commits
mailing list