[Secure-testing-commits] r58669 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Dec 18 06:27:06 UTC 2017
Author: carnil
Date: 2017-12-18 06:27:05 +0000 (Mon, 18 Dec 2017)
New Revision: 58669
Modified:
data/CVE/list
Log:
Add fixing version for CVE-2017-13098/bouncycastle
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-17 23:15:58 UTC (rev 58668)
+++ data/CVE/list 2017-12-18 06:27:05 UTC (rev 58669)
@@ -20161,7 +20161,7 @@
NOTE: https://github.com/wolfSSL/wolfssl/pull/1229
NOTE: https://robotattack.org/
CVE-2017-13098 (BouncyCastle TLS prior to version 1.0.3, when configured to use the ...)
- - bouncycastle <unfixed> (bug #884241)
+ - bouncycastle 1.58-1 (bug #884241)
[jessie] - bouncycastle <not-affected> (Vulnerable code introduced in 1.56 with tls API addition)
[wheezy] - bouncycastle <not-affected> (Vulnerable code not present)
NOTE: Introduced by: https://github.com/bcgit/bc-java/commit/9b53e60792e14c65cd1dbfad65e88ec5949ce4b3
More information about the Secure-testing-commits
mailing list