[Secure-testing-commits] r58583 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 14 20:16:16 UTC 2017
Author: carnil
Date: 2017-12-14 20:16:16 +0000 (Thu, 14 Dec 2017)
New Revision: 58583
Modified:
data/CVE/list
Log:
Update information for CVE-2017-13098/bouncycastle
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-14 19:45:29 UTC (rev 58582)
+++ data/CVE/list 2017-12-14 20:16:16 UTC (rev 58583)
@@ -17656,9 +17656,11 @@
NOTE: https://robotattack.org/
CVE-2017-13098 (BouncyCastle TLS prior to version 1.0.3, when configured to use the ...)
- bouncycastle <unfixed> (bug #884241)
+ [jessie] - bouncycastle <not-affected> (Vulnerable code introduced in 1.56 with tls API addition)
[wheezy] - bouncycastle <not-affected> (Vulnerable code not present)
+ NOTE: Introduced by: https://github.com/bcgit/bc-java/commit/9b53e60792e14c65cd1dbfad65e88ec5949ce4b3
+ NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c
NOTE: Fixed in 1.59 beta 9
- NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c
NOTE: https://robotattack.org/
CVE-2017-13097
RESERVED
More information about the Secure-testing-commits
mailing list