[Secure-testing-commits] r40491 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Mar 21 05:24:30 UTC 2016
Author: carnil
Date: 2016-03-21 05:24:30 +0000 (Mon, 21 Mar 2016)
New Revision: 40491
Modified:
data/CVE/list
Log:
Mark python-rsa as no-dsa for jessie
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-20 22:36:18 UTC (rev 40490)
+++ data/CVE/list 2016-03-21 05:24:30 UTC (rev 40491)
@@ -6741,6 +6741,7 @@
NOTE: Introduced by: https://git.kernel.org/linus/ec011fe847347b40c60fdb5085f65227762e2e08 (v3.13-rc1)
CVE-2016-1494 (The verify function in the RSA package for Python (Python-RSA) before ...)
- python-rsa 3.2.3-1.1 (bug #809980)
+ [jessie] - python-rsa <no-dsa> (Minor issue)
NOTE: proposed fix: https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff
NOTE: https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/
CVE-2015-8604 [SQL Injection in graphs_new.php]
More information about the Secure-testing-commits
mailing list